Software and hardware level of information security. Fundamentals of information and computer security


Protection measures can be classified into three levels.

Legislative level. In Russia, Chapter 28 of the Criminal Code of the Russian Federation, “Crimes in the field of computer information”, contains three articles:

Article 272. Illegal access to computer information;

Article 273. Creation, use and distribution of malicious computer programs;

Article 274. Violation of the rules for operating computers, computer systems or their networks.

Administrative and procedural levels. At these levels a security policy and a set of procedures are drawn up that define what personnel do in normal and in critical situations. In Russia this level is codified in the guidance documents of the State Technical Commission (Gostekhkomissiya, since 2004 FSTEC) and FAPSI.

Software and hardware level. This level comprises the software and hardware that implement information security technology: user identification and authentication, access control, cryptography, shielding (firewalling) and much more.

Whereas the legislative and administrative levels do not depend on a particular user's computer equipment, the software and hardware level is something every user can and should organize on his or her own computer.

1.3. Software and hardware level of protection

We will not consider the existing complex software and hardware cryptographic systems that restrict access to information by means of ciphers, nor steganography programs that can “dissolve” confidential material in large graphic and sound files. The use of such programs is justified only in exceptional cases.

An ordinary user, like you and me, is as a rule neither a professional cryptographer nor a programmer, so we are interested in “improvised” information security tools. Let us look at these tools and try to assess their reliability; after all, knowing the weak points of a defense can save us a lot of trouble.

The first thing a personal computer user usually does is set two passwords: one in the BIOS settings and one on the screen saver. The BIOS-level password must be entered when the computer boots; the screen saver password locks access to the machine after it has been idle for a period you specify.

Setting a BIOS password is a somewhat delicate operation that requires some familiarity with computer settings, so it is advisable to do it together with a colleague who has sufficient experience. Setting a screen saver password is not difficult, and the user can do it alone.

To set a screen saver password (the steps below refer to the classic Windows Control Panel): click the Start button, select Settings and then Control Panel, double-click the Display icon and, in the Display Properties window that opens, select the Screen Saver tab. Choose a screen saver, set the wait interval (say, 1 minute), tick the Password protected checkbox and click Change.

In the Change Password window, enter the screen saver password, enter it again to confirm, and click OK.

To remove the screen saver password, repeat the same steps, but leave both fields in the Change Password window empty and simply click OK. The password is removed.

How reliable is this protection? An outsider has at least three ways around it. The first is to use one of the loopholes that motherboard manufacturers often provide, the so-called “universal password for forgetful people”, a backdoor password built into the BIOS. An ordinary user, as a rule, does not know it, but it is no secret to a knowledgeable attacker.

The second method is to remove the computer's case, take the lithium battery out of the system board for 20 to 30 minutes and then put it back. After this the BIOS will almost certainly have forgotten all passwords and user settings (on most boards a dedicated CMOS-clear jumper does the same thing faster). Incidentally, if you have forgotten your own password, which happens quite often in practice, you can use this method yourself. One caveat: on modern UEFI firmware the password is usually stored in non-volatile flash rather than in battery-backed CMOS, and removing the battery does not clear it.

The third way for an outsider to get at our protected information is to remove the hard drive and connect it to another computer as a second drive. Neither the BIOS password nor the screen saver password plays any role then, and the data can be read and copied without any problems; with some practice the procedure takes 15 to 20 minutes. Only encryption of the data on the disk defeats this attack.

So the practical conclusion is simple: during a long absence, try to keep unauthorized persons out of the room where the computer is located.

Software and hardware measures are aimed at controlling equipment, programs and data and form the last line of defense. Central to the software and hardware level is the concept of a security service. The following services exist:
1) Identification and authentication
2) Access control
3) Logging and auditing
4) Encryption
5) Integrity control
6) Shielding
7) Security analysis
8) Ensuring fault tolerance
9) Ensuring safe recovery
10) Tunneling
11) Management
The set of services listed above can be regarded as complete and is considered sufficient to provide reliable protection at the software level. Each service is examined in turn below.
Identification and authentication. Identification allows a subject to name itself. Authentication verifies that the subject is who it claims to be. Authentication can be one-way, when only the client proves its identity, or mutual. The service has two aspects: 1) what serves as the authenticator and 2) how the exchange of identification and authentication data is protected.
A user's authenticator can be one of the following: 1) something he knows (a password, a key); 2) something he has (an access card, a token); 3) something he is (a fingerprint).
Password authentication.
The most user-friendly form of protection. There are a number of standard techniques an attacker uses to bypass password protection, and for each of them a countermeasure exists. From these, rules for choosing a strong password and handling it can be formulated.
Methods of password attacks:
1) Brute force (exhaustive search). The simplest attack on a password: every valid combination of characters is tried in turn. Modern tools can exhaust all 5 to 6 character passwords in a few seconds. Some systems make this attack impossible online because they react to several incorrect attempts (lockout or delay); offline, against a stolen password hash, nothing slows the attacker down.
Security mechanism: password length. A modern password must be at least 12 characters long.
2) Search within a limited range. Many users, when choosing a password, use characters from a single range (only digits, only letters of one alphabet). Such a password is easier to remember, but the attacker's task is greatly simplified. Let n = 70 be the number of characters allowed in a password: 10 digits, 30 letters of the Russian alphabet and 30 letters of the Latin alphabet (the counts used in the lecture), and let the password length be m = 4. Then the number of combinations is 70^4 = 24,010,000. If the attacker assumes that all characters come from one range, he needs to try only
10^4 + 30^4 + 30^4 = 1,630,000 combinations.
Thus, if the attacker's assumption is right, the number of combinations is reduced roughly 15-fold (24,010,000 / 1,630,000 ≈ 14.7). Password-guessing programs have an option for exactly this, for example trying digits only.
Security mechanism: use characters from different ranges.
3) Dictionary attack. A meaningless, completely random password is hard to remember, and for many users forgetting the password is a more likely event than being attacked. Therefore a word is often chosen. This greatly simplifies the attacker's task, since the guessing program can simply try the words contained in a dictionary file. There are a great many dictionaries of different kinds and languages; a dictionary of 200 thousand words is checked in a few seconds. Many users believe that applying a simple transformation to a word (writing it backwards, typing a Russian word in the English keyboard layout) increases security, but guessing programs apply the same transformations to every dictionary word, so compared with true brute force the task remains easy.
A strong password should not be based on words of a natural language.
4) Personal dictionary attack. An attacker can exploit the fact that, to make a password easier to remember, some users build it from personal data (names, dates of birth, phone numbers, pets). If the target is a specific person, the attacker compiles a dictionary of that person's data.
A strong password should be completely meaningless.
5) Collecting passwords stored in publicly accessible places. In many organizations passwords are created and distributed by the administrator. Since such a password is hard to remember, users often keep it written down close at hand. The problem is that users do not take the security of their work password seriously: they believe that since everyone in the organization is “one of us”, careless storage will do no harm.
A password must not be stored in a publicly accessible place. The ideal is to memorize it and not write it down anywhere.
6) Social engineering. Manipulating people in order to penetrate protected systems. If a password cannot be guessed or stolen, the attacker may try to get the user to reveal it himself. A classic tactic is to phone the victim on behalf of someone who has a right to know the requested information. Luring the victim to a fake site or getting him to open a link are social engineering as well. The techniques attackers use vary widely.
Security rule: do not disclose your password to anyone, even if the person claims to have the right to know it.
7) Phishing. A procedure for extracting the passwords of random Internet users. It usually involves fake websites that trick the user into entering a password. For example, to obtain the password to a bank account, a site with the same design as the bank's site is created, and e-mails such as “check your account”, containing a link to the fake site, are sent out. When the client lands on the attacker's site he is asked for a username and password; these are stored in the attacker's database, after which the client is redirected to the real site's main page.
Many users use the same password for different resources, so an attack on a poorly protected resource yields access to a well-protected one. For example, the attacker creates a website of interest to a certain circle of users and advertises it to the potential victims. A user registers and chooses a password; the attacker then checks whether that password fits the user's other accounts.
To counter phishing, check the website address before entering a password; better still, bookmark the address and do not follow links from e-mails. Use different passwords for different services.
Thus, the measures that increase the reliability of password protection are:
1) Technical restrictions on the length and content of passwords.
2) Password expiration management and periodic change.
3) Restricting access to the password file.
4) Limiting the number of failed login attempts.
5) User training.
6) Using software password generators.
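The arithmetic of attacks 1 and 2 and the restrictions of measure 1 above, worked through in code. This is an added example and not part of the lecture: the word list, the personal data and the guessing rate are constructed for illustration, while the policy thresholds (12 characters, at least 3 ranges) are the lecture's own.

```python
from __future__ import annotations

import math
import string

# Constructed sample data (not from the lecture): a tiny dictionary and the
# personal details an attacker could collect for a "personal dictionary".
DICTIONARY = {"password", "informatics", "secret", "moscow", "dragon"}
PERSONAL_DATA = {"ivan", "petrov", "1985", "sharik"}  # first name, surname, birth year, pet


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates an attacker must try when every symbol may come from the whole alphabet."""
    return alphabet_size ** length


def restricted_keyspace(ranges: list[int], length: int) -> int:
    """Candidates if the attacker bets that all symbols come from ONE range
    (only digits, or only Cyrillic, ...): the sum of the per-range keyspaces."""
    return sum(r ** length for r in ranges)


def brute_force_seconds(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to exhaust a keyspace at a given guessing rate."""
    return candidates / guesses_per_second


def bits_of_entropy(candidates: int) -> float:
    return math.log2(candidates)


CYRILLIC = "".join(chr(code) for code in range(0x0410, 0x0450))  # А..я


def character_ranges(pw: str) -> int:
    """How many distinct symbol ranges the password draws from."""
    ranges = (string.ascii_lowercase, string.ascii_uppercase, string.digits,
              string.punctuation, CYRILLIC)
    return sum(any(ch in rng for ch in pw) for rng in ranges)


def variants(pw: str) -> set[str]:
    """The cheap transformations a guessing program applies to every dictionary
    word anyway, so applying them yourself adds no security."""
    base = pw.lower()
    stripped = base.rstrip(string.digits + string.punctuation)
    return {base, base[::-1], stripped, stripped[::-1]}


def check_password(pw: str, min_length: int = 12) -> list[str]:
    """Return the policy violations for pw (an empty list means it is acceptable)."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if character_ranges(pw) < 3:
        problems.append("uses fewer than 3 symbol ranges")
    forms = variants(pw)
    if any(word in form for form in forms for word in DICTIONARY):
        problems.append("based on a dictionary word")
    if any(item in form for form in forms for item in PERSONAL_DATA):
        problems.append("based on personal data")
    return problems


if __name__ == "__main__":
    full = keyspace(70, 4)
    narrow = restricted_keyspace([10, 30, 30], 4)
    print(f"70^4 = {full:,}; single-range guess = {narrow:,}; ratio = {full / narrow:.1f}x")
    rate = 1e9  # guesses per second: an assumed offline cracking rate
    for length in (6, 8, 12):
        secs = brute_force_seconds(keyspace(70, length), rate)
        print(f"length {length}: {bits_of_entropy(keyspace(70, length)):.0f} bits, "
              f"{secs / 86400:.1f} days at 1e9 guesses/s")
    for candidate in ("Password123", "Ivan1985!!!!!", "tR7$kq9!LmZ2wX"):
        print(candidate, "->", check_password(candidate) or "ok")
```

The dictionary check matches the transformed forms as substrings, so appending digits or reversing a word does not help, exactly as the text warns. A real policy checker would load a large word list and the user's own profile data in place of the two constructed sets.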
The passwords discussed above can be called reusable: their disclosure lets an attacker act on behalf of the legitimate user. One-time passwords are a stronger tool from a security point of view.



One-time passwords. A one-time password is valid for a single authentication session; its validity may also be limited to a certain period of time. Its advantage is that it cannot be reused. A person cannot memorize one-time passwords, so additional technology is required to implement this mechanism.
Methods of creating and distributing one-time passwords:
Algorithms for creating one-time passwords use randomness, so that the next password cannot be predicted. The specific algorithms vary considerably in detail.
To create one-time passwords, the following main approaches can be distinguished:
1) Algorithms that compute the new password mathematically from the previous one (a hash chain).
2) Approaches based on time synchronization between server and client.
3) Algorithms in which the new password is computed from a challenge or a counter.
There are various ways to deliver the next password to the user. Some systems use special electronic tokens that users carry with them; others use an application the user runs on a mobile phone. Some systems generate one-time passwords on the server and send them to the user over a separate channel, such as SMS.
Creating one-time passwords based on mathematical algorithms.
Consider an approach based on a one-way function f. The system starts from an initial secret s and generates the sequence f(s), f(f(s)), f(f(f(s))), ... The passwords are handed out in reverse order, starting with the last one and ending with f(s); the server stores only the most recently used password and checks each new one by applying f to it. If an attacker intercepts a one-time password, then to compute the next password in the chain he would need to compute the inverse of f, and since f is one-way this is impossible. When f is an ordinary cryptographic hash function, inverting it is technically infeasible.
Time synchronization.
Associated with physical hardware tokens. An accurate clock is built into the token and synchronized with the clock on the server; in such systems the time is an essential input of the password-generation algorithm, since the password is computed from the current time. Mobile phones can also be used for time-synchronized one-time passwords. In the challenge-response variant, the server issues a challenge that the user enters into the token, and the token combines it with the current time.
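Both generation methods described above, the f(s), f(f(s)), ... chain and the time-synchronized token, as an added example (not the lecture's code). The hash chain uses SHA-256 as f. The time-based part implements HOTP (RFC 4226) and TOTP (RFC 6238), the standard counter- and time-based algorithms; the lecture does not name them, but they are the concrete instances of approaches 2 and 3. The secret used in the demo is the RFCs' published test value, and the 30-second step and ±1-step window are the usual defaults.

```python
import hashlib
import hmac
import struct


# --- 1. Hash-chain one-time passwords (the f(s), f(f(s)), ... scheme) ----------

def make_chain(seed: bytes, n: int) -> list:
    """Return [f(s), f(f(s)), ..., f^n(s)] with f = SHA-256."""
    chain, h = [], seed
    for _ in range(n):
        h = hashlib.sha256(h).digest()
        chain.append(h)
    return chain


class ChainServer:
    """Holds only the last chain element; the client spends the chain backwards."""

    def __init__(self, last: bytes):
        self.current = last

    def verify(self, candidate: bytes) -> bool:
        # The candidate is valid iff f(candidate) equals the stored value.
        if not hmac.compare_digest(hashlib.sha256(candidate).digest(), self.current):
            return False
        self.current = candidate  # the accepted password becomes the new anchor: no replay
        return True


# --- 2. Counter- and time-based passwords (HOTP, RFC 4226; TOTP, RFC 6238) ----

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized variant: the counter is the number of elapsed time steps."""
    return hotp(secret, int(at // step), digits)


class TotpServer:
    """Accepts codes within +-window steps (clock drift) but never the same step twice."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self.secret, self.step, self.window = secret, step, window
        self.last_step = -1  # highest time step already used

    def verify(self, code: str, at: float) -> bool:
        now = int(at // self.step)
        for delta in range(-self.window, self.window + 1):
            candidate = now + delta
            if candidate > self.last_step and hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_step = candidate
                return True
        return False


if __name__ == "__main__":
    chain = make_chain(b"initial secret s", 5)
    server = ChainServer(chain[-1])
    print("chain:", [server.verify(p) for p in reversed(chain[:-1])])  # all True
    print("replay:", server.verify(chain[-2]))                           # False

    secret = b"12345678901234567890"   # RFC 4226 / RFC 6238 test secret
    print("HOTP(0) =", hotp(secret, 0), " TOTP(t=59) =", totp(secret, 59))
    srv = TotpServer(secret)
    print("accept:", srv.verify(totp(secret, 59), 59), "replay:", srv.verify(totp(secret, 59), 60))
```

The two servers make the same point in different ways: each accepted password (or time step) is remembered, so an intercepted one-time password is worthless afterwards. The window in TotpServer is the price of imperfect clock synchronization, and last_step is what keeps that window from becoming a replay opportunity.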
Kerberos authentication service.
The service is designed to solve the following problem. There is an open, insecure network with subjects at its nodes, and each subject has a secret key. For subject A to prove its identity to subject B, it must not only name itself but also demonstrate knowledge of its secret key. A cannot simply send B the key: the network is open, and B does not know A's key and so could not check it anyway. Some way of demonstrating knowledge of the key without revealing it is required. Kerberos is a trusted third party that holds the secret keys of all principals and helps them authenticate to each other.
To gain access to B, A sends Kerberos a request naming itself and the requested service. In reply Kerberos sends a so-called ticket, encrypted with the server's secret key, and, encrypted with A's secret key, a copy of part of the ticket (the session key and the server's name). A decrypts its part (only A can, since only A and Kerberos know A's key) and sends the server the ticket unchanged together with an authenticator (A's name and a timestamp) encrypted under the session key. The server decrypts the ticket with its own key, extracts the session key, decrypts the authenticator and compares its contents with the ticket. A match shows that A was able to decrypt the data intended for it, that is, A demonstrated knowledge of its secret key and is therefore who it claims to be. No secret key was ever transmitted over the network; the keys were only used for verification.
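The three-party exchange above, simulated end to end as an added example (not Kerberos's actual code or message formats). The authenticated encryption is a toy construction (an HMAC-SHA256-derived keystream plus an HMAC tag) standing in for the real Kerberos ciphers; the principal names, the ticket lifetime and the allowed clock skew are assumptions made for the demo.

```python
import hashlib
import hmac
import json
import os

# Toy authenticated encryption standing in for the real Kerberos ciphers:
# encryption with an HMAC-SHA256 keystream, integrity with an HMAC tag.
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, message: dict) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    plaintext = json.dumps(message).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered message")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plaintext)


class KDC:
    """The trusted third party: knows every principal's secret key."""

    def __init__(self, keys: dict, lifetime: int = 300):
        self.keys, self.lifetime = keys, lifetime

    def request(self, client: str, server: str, now: float):
        session = os.urandom(32).hex()
        expiry = now + self.lifetime
        ticket = seal(self.keys[server], {"client": client, "session": session, "expiry": expiry})
        for_client = seal(self.keys[client], {"server": server, "session": session, "expiry": expiry})
        return ticket, for_client


class Client:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def authenticate_to(self, ticket: bytes, for_client: bytes, now: float):
        # Only A can open its part; the ticket is forwarded untouched.
        info = unseal(self.key, for_client)
        session = bytes.fromhex(info["session"])
        authenticator = seal(session, {"client": self.name, "time": now})
        return ticket, authenticator


class Server:
    def __init__(self, key: bytes, skew: int = 60):
        self.key, self.skew, self.seen = key, skew, set()

    def accept(self, ticket: bytes, authenticator: bytes, now: float) -> str:
        t = unseal(self.key, ticket)                              # proves the KDC issued it
        if now > t["expiry"]:
            raise ValueError("ticket expired")
        a = unseal(bytes.fromhex(t["session"]), authenticator)  # proves the sender knew K_A
        if a["client"] != t["client"]:
            raise ValueError("authenticator does not match ticket")
        if abs(now - a["time"]) > self.skew:
            raise ValueError("authenticator too old")
        if (a["client"], a["time"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((a["client"], a["time"]))
        return t["client"]


def demo(now: float = 1_700_000_000.0) -> str:
    keys = {"A": os.urandom(32), "B": os.urandom(32)}
    kdc, a, b = KDC(keys), Client("A", keys["A"]), Server(keys["B"])
    ticket, for_client = kdc.request("A", "B", now)
    ticket, authenticator = a.authenticate_to(ticket, for_client, now)
    return b.accept(ticket, authenticator, now)


if __name__ == "__main__":
    print("B accepted:", demo())
```

Note what each check buys: the tag on the ticket means only the KDC could have produced it, the authenticator under the session key means only someone who opened A's part could have produced it, and the timestamp plus the seen set stop a captured ticket and authenticator from being replayed later.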
Authentication and identification using biometric data.
Biometrics is a set of authentication and identification methods based on a person's physiological and behavioral characteristics. Physiological characteristics include fingerprints and the retina; behavioral ones include a handwritten signature and typing rhythm. Voice and speech characteristics lie at the intersection of physiology and behavior.
In general, work with biometric data is organized as follows. First, a database of templates of the potential users is created and maintained: biometric characteristics are captured, processed and the results stored. Later, for authentication, capture and processing are repeated and the result is searched for in the template database; a successful match establishes the identity. Biometric methods are no more reliable than the template database behind them, so that database must be protected. Moreover, a person's biometric data change over time, so the templates need maintenance, and unlike a password a compromised biometric cannot be replaced.

Access control models
The central role in the formal development of a system is played by its security model, which defines the information flows permitted in the system and the rules for accessing that information.
Let us consider three models:
1) Discretionary access control model. Within this model, access of subjects (users, applications) to objects (files, devices) is controlled. Every object has an owner subject, who determines who may access the object and with which rights. The main access operations are read, write and execute. Thus the discretionary model establishes, for each subject-object pair, a set of permitted operations. When access to an object is requested, the system looks the subject up in the object's access control list and grants access if the subject is present and the permitted access type includes the requested one. The classic discretionary system is closed: initially the object is accessible to no one, and the access list describes the set of permissions. This model is found in the Windows and Linux operating systems. One disadvantage is that not every object can be assigned an owner. Another is that with a large number of subjects and objects the administrator has to manage a very large number of such pairs, which makes the work difficult.
2) Bell-LaPadula model (mandatory access control). The model gives definitions of object, subject and access rights, together with the mathematical apparatus to describe them. It is known mainly for two security rules, one for reading and one for writing. Suppose the system has two kinds of files, secret and non-secret, and two categories of users: those cleared only for non-secret files and those cleared for secret files. Rule 1 (no read up): a non-secret user, or a process running on his behalf, cannot read data from a secret file.
Rule 2 (no write down): a user cleared for secret files cannot write data to non-secret files.
These rules extend naturally to systems with more than two access levels.
General rule: a user can read only documents whose security level is not higher than his own, and can write only to documents whose security level is not lower than his own.
This model is mathematical. Its emphasis is on confidentiality, not integrity.
3) Role-based access control. Access to information is controlled on the basis of the type of activity the user performs in the system (the role). A role is a set of actions and responsibilities associated with a particular kind of activity; examples are accountant and administrator. Permissions are attached to roles, and roles are assigned to users. In some cases a user may hold several roles at once, and the roles themselves may form a hierarchy. The main advantages of the role model: A) ease of administration: there is no need to write a rule for every subject-object pair; instead permissions are granted to a role, and when a user's responsibilities change only his role changes. The role hierarchy simplifies administration further. B) The principle of least privilege: a user works in the system with the minimal role needed for the task at hand.
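The three models above, each reduced to its access decision, as an added example (not from the lecture). The object, the levels, the roles, the permissions and the role hierarchy are made up for illustration.

```python
from dataclasses import dataclass, field


# --- 1. Discretionary access control: an owner-maintained, closed ACL per object ---

@dataclass
class DacObject:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)   # subject -> set of permitted operations

    def grant(self, by: str, subject: str, ops: set) -> None:
        if by != self.owner:
            raise PermissionError(f"{by} does not own {self.name}")
        self.acl.setdefault(subject, set()).update(ops)


def dac_allows(obj: DacObject, subject: str, op: str) -> bool:
    """Closed system: a subject absent from the list gets nothing."""
    return op in obj.acl.get(subject, set())


# --- 2. Bell-LaPadula: no read up, no write down ---

LEVELS = {"unclassified": 0, "secret": 1, "top secret": 2}


def blp_allows(subject_level: str, object_level: str, op: str) -> bool:
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if op == "read":
        return o <= s        # simple security property
    if op == "write":
        return o >= s        # *-property: nothing flows to a lower level
    raise ValueError(f"unknown operation {op}")


# --- 3. Role-based access control with a role hierarchy ---

ROLE_PERMS = {
    "employee": {"read:policy"},
    "accountant": {"read:ledger", "write:ledger"},
    "chief_accountant": {"approve:ledger"},
    "admin": {"manage:users"},
}
ROLE_PARENTS = {            # role -> roles whose permissions it inherits
    "accountant": {"employee"},
    "chief_accountant": {"accountant"},
    "admin": {"employee"},
}


def effective_roles(roles) -> set:
    """Expand the hierarchy: a chief accountant is also an accountant and an employee."""
    result, pending = set(), list(roles)
    while pending:
        role = pending.pop()
        if role not in result:
            result.add(role)
            pending.extend(ROLE_PARENTS.get(role, ()))
    return result


def rbac_allows(user_roles, permission: str) -> bool:
    return any(permission in ROLE_PERMS.get(r, set()) for r in effective_roles(user_roles))


if __name__ == "__main__":
    report = DacObject("report.doc", owner="alice")
    report.grant("alice", "bob", {"read"})
    print("DAC  bob reads report:", dac_allows(report, "bob", "read"),
          "| bob writes:", dac_allows(report, "bob", "write"))
    print("BLP  secret user reads top secret:", blp_allows("secret", "top secret", "read"),
          "| secret user writes unclassified:", blp_allows("secret", "unclassified", "write"))
    print("RBAC chief accountant reads policy:", rbac_allows({"chief_accountant"}, "read:policy"),
          "| accountant approves ledger:", rbac_allows({"accountant"}, "approve:ledger"))
```

The contrast the lecture draws is visible in the code: the DAC decision depends on a per-object list that the owner edits, the BLP decision depends only on two labels and never on the owner's wishes, and the RBAC decision is made once per role, so adding a user means assigning a role rather than touching every object.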

Recording and auditing.
Logging is the collection and accumulation of information about events that occurred in the system. The events of each service can be divided into external, internal and client events.
Auditing is the analysis of the accumulated information, carried out either promptly in real time or periodically. An audit performed in real time with automatic response to the unusual situations it detects is called active.
Logging and auditing solve the following problems: ensuring the accountability of users and administrators; making it possible to reconstruct the sequence of events; detecting attempts to violate information security; providing information for identifying and analyzing problems.
Logging requires judgment about which system events to record and in what detail, so as to meet the security goals without wasting resources. There is no universal answer, but some recommendations can be given. For an operating system it is recommended to record: logging into and out of the system, access to a remote system, file operations, changes of privileges and other security attributes. For each event it is recommended to record: the date and time, the user identifier and the action, the type of event, the result of the action, the source of the request, the names of the affected objects and a description of the changes. Accountability matters as a deterrent. Detecting attempts to violate information security is the function of active auditing; a periodic audit detects attacks too late.
*Active audit. Suspicious activity is behavior of a user or system component that is suspicious under certain rules or is atypical. The goal of active auditing is to identify suspicious activity quickly and to provide the means for an automatic response. It is useful to divide suspicious activity into attacks aimed at illegally obtaining privileges and abuse of privileges, that is, actions performed within one's authority but in violation of the security policy. Attacks are described and detected by the signature method: an attack signature is a set of conditions under which the attack is considered to be occurring and a response is triggered. Atypical behavior is usually identified by statistical methods: a system of thresholds is set, and exceeding a threshold is treated as suspicious. For active auditing tools two kinds of error are distinguished: missed attacks (false negatives, type I in the lecture's numbering) and false alarms (false positives, type II). The advantage of the signature method is the small number of false alarms; its drawback is the inability to detect new attacks. The advantage of the statistical method is its generality, the ability to detect previously unknown attacks; its drawback is the high proportion of false alarms.
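The two detection approaches of active auditing, run over a constructed log as an added example (not the lecture's code): one signature rule (repeated failed logins from one source) and one statistical threshold (a user's daily file-access count against a baseline). The log lines, the baseline figures and the thresholds are constructed for the demo; the record fields are those the text recommends.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample log (not from the lecture). Every record carries the fields the
# text recommends: date/time, user, action, event type, result, source, object.
SAMPLE_LOG = (
    ["2024-03-01T08:59:40 user=ivanov action=login type=auth result=ok src=10.0.0.5 obj=-"]
    + [f"2024-03-01T09:{m:02d}:00 user=ivanov action=open type=file result=ok "
       f"src=10.0.0.5 obj=/docs/contract{m}.doc" for m in range(25)]
    + ["2024-03-01T10:00:00 user=petrov action=open type=file result=ok src=10.0.0.9 obj=/docs/plan.doc",
       "2024-03-01T22:10:00 user=admin action=login type=auth result=fail src=198.51.100.2 obj=-"]
    + [f"2024-03-01T23:10:{s:02d} user=admin action=login type=auth result=fail "
       f"src=203.0.113.7 obj=-" for s in (5, 12, 19, 26, 33)]
)

# Baseline: daily file-open counts per user over the previous five days (constructed).
BASELINE = {"ivanov": [12, 15, 11, 14, 13], "petrov": [40, 38, 45, 41, 39]}


def parse(line: str) -> dict:
    stamp, rest = line.split(" ", 1)
    record = dict(kv.split("=", 1) for kv in rest.split())
    record["ts"] = datetime.fromisoformat(stamp)
    return record


def signature_failed_logins(records, threshold=5, window=timedelta(minutes=1)):
    """Signature rule: >= threshold failed logins from one source within the window.
    Few false alarms, but it only catches what the signature describes."""
    by_source = defaultdict(list)
    for r in records:
        if r["action"] == "login" and r["result"] == "fail":
            by_source[r["src"]].append(r["ts"])
    alerts = []
    for src, times in by_source.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append(("signature:password-guessing", src, times[i + threshold - 1]))
                break
    return alerts


def statistical_file_access(records, baseline=BASELINE, k=3.0):
    """Statistical rule: today's file-open count above mean + k*stdev of the user's
    baseline is atypical. Catches behaviour no signature describes, but a genuinely
    busy day triggers it too (a false alarm)."""
    today = Counter(r["user"] for r in records if r["action"] == "open")
    alerts = []
    for user, count in today.items():
        history = baseline.get(user)
        if not history:
            continue
        limit = mean(history) + k * max(pstdev(history), 1.0)
        if count > limit:
            alerts.append(("statistical:atypical-file-access", user, count, round(limit, 1)))
    return alerts


def active_audit(lines):
    """One real-time audit step: parse, run both detectors, return what needs a response."""
    records = [parse(line) for line in lines]
    return signature_failed_logins(records) + statistical_file_access(records)


if __name__ == "__main__":
    for alert in active_audit(SAMPLE_LOG):
        print(alert)
```

Run on the sample, the signature rule fires once (five failures from 203.0.113.7 inside a minute; the single failure from 198.51.100.2 is ignored) and the statistical rule fires once (ivanov's 25 file opens against a baseline limit of about 17). Whether ivanov's day is an incident or simply a deadline is exactly the false-alarm question the text raises about statistical methods.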

Encryption.
Encryption is a reversible transformation of plain (original) text into encrypted (closed) text under a secret algorithm or key. Encryption is a means of ensuring confidentiality.
Encryption algorithms are divided into 2 groups:
1) Symmetric algorithms. The same key K is used for encryption and decryption: M' = Encrypt(M, K) is the encryption function and M = Decrypt(M', K) the decryption function.
All symmetric encryption algorithms can be divided into 3 groups:
A) substitution, B) permutation (transposition), C) block ciphers.
*Substitution algorithms. Each character of the source text is replaced by another character or sequence of characters; characters of different alphabets may be used. If one cipher alphabet is used for the replacement, the substitution is monoalphabetic; if several are used, it is polyalphabetic.
- The simplest substitution is the Caesar cipher. Each letter of the message is replaced by the letter 3 positions after it in the alphabet. The peculiarity of the Caesar cipher is that it has no key: the number 3 is not a key but part of the algorithm. The first rule of modern cryptography (Kerckhoffs's principle) is that the strength of a cipher must rest on the assumption that the adversary knows the encryption mechanism completely and the only thing he lacks is the key. The Caesar cipher becomes a full cipher with a key if the shift is not fixed at 3 but chosen by agreement. For the Russian alphabet only the numbers 1 to 32 can serve as the key, so the modified Caesar cipher is not resistant to exhaustive key search.
- Simple substitution cipher. Each character of the plaintext alphabet is assigned a character of the same or another alphabet; the key is the correspondence table. The number of keys equals the number of permutations of the alphabet, 33! for the Russian alphabet. Nevertheless the cipher is easily broken by cryptanalysis based on letter frequencies: the ciphertext inherits the statistical features of the plaintext, and this is the serious weakness of all monoalphabetic ciphers.
- An example of polyalphabetic substitution is the Gronsfeld cipher, a modification of the Caesar cipher in which the key is a sequence of digits of arbitrary fixed length. Let M = ИНФОРМАТИКА and K = 123. Each key digit is written under a letter of the source text; if the key is shorter than the text, it is repeated cyclically: K = 12312312312. Each letter is shifted forward by the digit beneath it, giving M' = ЙПЧПТПБФЛЛВ. Since the cipher is polyalphabetic, the statistical features of the text reappear only with the period of the key (here n = 3): a plain frequency table no longer works directly, and the cryptanalyst must first determine the key length and then analyze each of the n subtexts separately.
*Permutation (transposition) algorithms. The characters of the plaintext keep their identity but change their order according to a rule and a key.
- A classic example is rearrangement of letters in a table of a given size: the text is written into the table row by row and read out column by column, the column order being the key.
*Block ciphers. Practical symmetric encryption uses both substitution and permutation. The standard approach is multiple rounds of encryption with different round keys, all generated from one shared key. Most modern algorithms have a structure similar to the Feistel network, which builds on Shannon's ideas. A strong encryption algorithm must satisfy two properties: diffusion and confusion. Diffusion: every bit of the plaintext must influence every bit of the ciphertext; its essence is the dispersal of the statistical characteristics of the plaintext over the ciphertext. Confusion: the absence of a statistical relationship between the key and the ciphertext; even if the adversary determines statistical features of the text, they should not be enough to recover the key.
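The classical ciphers above implemented as an added example (not from the lecture): the keyed Caesar shift and its exhaustive key search, the Gronsfeld cipher run on the lecture's ИНФОРМАТИКА / 123 example, frequency counting that shows why monoalphabetic substitution leaks, and the columnar transposition. The 33-letter Russian alphabet is the one the lecture's key counts (32 shifts, 33!) assume; the Latin alphabet is included for English examples.

```python
from collections import Counter

RUS = "АБВГДЕЁЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯ"   # 33 letters, the alphabet the lecture assumes
LAT = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def shift_cipher(text: str, key: int, alphabet: str = RUS) -> str:
    """Caesar family: key = 3 is the classical cipher; a negative key decrypts."""
    n = len(alphabet)
    return "".join(alphabet[(alphabet.index(c) + key) % n] if c in alphabet else c
                   for c in text)


def brute_force_shift(ciphertext: str, alphabet: str = RUS) -> dict:
    """Kerckhoffs: the adversary knows the method, so all len(alphabet)-1 keys are tried."""
    return {k: shift_cipher(ciphertext, -k, alphabet) for k in range(1, len(alphabet))}


def letter_frequencies(text: str, alphabet: str = RUS) -> dict:
    """Monoalphabetic substitution preserves the plaintext's frequency profile."""
    counts = Counter(c for c in text if c in alphabet)
    total = sum(counts.values()) or 1
    return {c: counts[c] / total for c in counts}


def gronsfeld(text: str, key: str, alphabet: str = RUS, decrypt: bool = False) -> str:
    """Polyalphabetic: each letter is shifted by the next key digit, key repeated cyclically."""
    n, out, i = len(alphabet), [], 0
    for c in text:
        if c not in alphabet:
            out.append(c)
            continue
        k = int(key[i % len(key)])
        i += 1
        out.append(alphabet[(alphabet.index(c) + (-k if decrypt else k)) % n])
    return "".join(out)


def columnar_encrypt(text: str, key: str, pad: str = "X") -> str:
    """Write the text in rows of len(key) columns, read the columns in key order."""
    width = len(key)
    padded = text + pad * (-len(text) % width)
    rows = [padded[i:i + width] for i in range(0, len(padded), width)]
    order = sorted(range(width), key=lambda i: key[i])
    return "".join(row[i] for i in order for row in rows)


def columnar_decrypt(ciphertext: str, key: str) -> str:
    width = len(key)
    height = len(ciphertext) // width
    order = sorted(range(width), key=lambda i: key[i])
    columns = [""] * width
    for position, i in enumerate(order):
        columns[i] = ciphertext[position * height:(position + 1) * height]
    return "".join(columns[i][r] for r in range(height) for i in range(width))


if __name__ == "__main__":
    ct = shift_cipher("ATTACK", 3, LAT)
    print("Caesar:", ct, "-> key 3 recovers", brute_force_shift(ct, LAT)[3])
    print("Gronsfeld ИНФОРМАТИКА / 123 ->", gronsfeld("ИНФОРМАТИКА", "123"))
    top = max(letter_frequencies(shift_cipher("ОБОРОНА", 5)).items(), key=lambda kv: kv[1])
    print("Most frequent ciphertext letter:", top)
    t = columnar_encrypt("HELLOWORLD", "ZEBRA")
    print("Transposition:", t, "->", columnar_decrypt(t, "ZEBRA"))
```

The brute-force function returns every candidate plaintext at once, which is the whole point about the keyed Caesar cipher: with 32 keys the adversary does not guess, he reads all 32 and picks the one that makes sense. The frequency function applied to a shifted text returns the same multiset of frequencies as the plaintext, so the most common ciphertext letter reveals the shift.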
Let's consider the structure of the Feistel network.
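Since the Feistel structure itself is not written out above, here it is as an added example (not from the lecture): a toy 64-bit Feistel cipher with a keyed-hash round function, showing that decryption is the same network with the round keys reversed (so the round function F need not be invertible) and measuring diffusion by flipping one plaintext bit. The round function, the round count and the key schedule are illustrative choices, not those of any real cipher.

```python
import hashlib
import os

HALF = 4                      # 32-bit halves, 64-bit block
ROUNDS = 8


def key_schedule(key: bytes, rounds: int = ROUNDS) -> list:
    """One subkey per round, all derived from the single shared key."""
    return [hashlib.sha256(key + bytes([i])).digest()[:16] for i in range(rounds)]


def round_function(half: bytes, subkey: bytes) -> bytes:
    """Toy F: a keyed hash truncated to half a block. A real cipher uses S-boxes
    and permutations here; only the Feistel structure itself is the point."""
    return hashlib.sha256(subkey + half).digest()[:HALF]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_encrypt(block: bytes, subkeys: list) -> bytes:
    """L_{i+1} = R_i,  R_{i+1} = L_i xor F(R_i, K_i); halves are swapped back at the end."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        left, right = right, _xor(left, round_function(right, k))
    return right + left


def feistel_decrypt(block: bytes, subkeys: list) -> bytes:
    """The same network with the subkeys in reverse order; F is never inverted."""
    return feistel_encrypt(block, list(reversed(subkeys)))


def avalanche(key: bytes, block: bytes, rounds: int = ROUNDS) -> int:
    """Diffusion check: flip one plaintext bit, count how many ciphertext bits change.
    Good diffusion means about half of the 64 bits change."""
    subkeys = key_schedule(key, rounds)
    flipped = bytes([block[0] ^ 0x01]) + block[1:]
    diff = _xor(feistel_encrypt(block, subkeys), feistel_encrypt(flipped, subkeys))
    return bin(int.from_bytes(diff, "big")).count("1")


if __name__ == "__main__":
    key = os.urandom(16)
    subkeys = key_schedule(key)
    plain = b"ATTACK!!"
    ct = feistel_encrypt(plain, subkeys)
    print("ciphertext:", ct.hex(), "decrypts to:", feistel_decrypt(ct, subkeys))
    for r in (1, 2, 4, 8):
        print(f"{r} round(s): {avalanche(key, plain, r)} of 64 bits changed")
```

After a single round the flipped bit changes exactly one ciphertext bit (the left half passes through untouched), which is why a block cipher needs several rounds before diffusion is complete; with eight rounds roughly half the output bits change. The example encrypts one block only; a real deployment wraps the block function in a mode of operation.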
2) Public key algorithms.

Software and hardware measures aimed at controlling computer equipment, programs and stored data form the last, but not the least important, line of information security. At this level the rapid progress of information technology has not only positive but also negative consequences. First, new capabilities appear not only for information security specialists but also for attackers. Second, information systems are constantly modernized and rebuilt, and insufficiently tested components (primarily software) are added to them, which makes it harder to maintain the security regime.

Central to the software and hardware level is the concept of a security service. For public sector institutions and companies these services include:

  • identification and authentication;
  • access control;
  • logging and auditing;
  • encryption;
  • integrity control;
  • shielding;
  • security analysis;
  • ensuring fault tolerance;
  • ensuring safe recovery;
  • tunneling;
  • control.

Currently, the level of information security of state-owned enterprises can be raised by introducing modern security technologies characterized by growing functionality, versatility and portability to any platform. In the field of technical protection of information resources, three main areas can be identified in which Russian state-owned enterprises operate:

  • internal network protection;
  • protection of access to the Internet and international information exchange;
  • protection of interaction with remote units.

At the same time, remember that government agencies and organizations use only information security tools certified by FSTEC or the FSB of the Russian Federation. To protect internal resources, most federal and regional government agencies rely on the user authentication and authorization mechanisms built into their operating systems. Some departments have special certified systems for protection against unauthorized access and electronic locks, such as Labyrinth-M, Accord and SecretNet. As cryptographic information protection tools, the CryptoPro products or the long-known and still popular Verba family are usually installed.

To protect workstations and internal network servers from malicious programs (viruses, worms, Trojan horses), the vast majority of government organizations use anti-virus software, most often the Russian Kaspersky Anti-Virus or Dr.Web, though solutions from Trend Micro, Symantec, McAfee and Eset are also found.


The network is divided into segments with different information security requirements by MAC and IP address filtering on the active network equipment and by VLANs. Security policy control systems that compare the current settings of protective mechanisms and subsystems with reference values (Cisco, Uryadnik) are used very rarely.

To protect the network perimeter, government agencies usually use various certified firewalls, mainly solutions from Cisco, Aladdin and Check Point, but products from other manufacturers are also found, in particular Novell BorderManager, Microsoft ISA Server, SSPT-1 and SSPT-1M from the Central Research Institute of RTK, and Zastava from Elvis-Plus.

Intrusion detection and prevention systems (IDS/IPS, including host-based HIPS) have so far been implemented in very few government organizations; where they exist, they are typically solutions from Symantec, S.N. Safe'n'Software and Cisco. Federal government agencies protect against spam and Internet abuse with various e-mail and web traffic monitoring systems, such as eSafe Gateway, MAILsweeper, WEBsweeper and Websense.

In communication channels with remote units, only Russian cryptographic information protection and VPN systems are used: Zastava, ViPNet or Continent.

11. Legal framework of organizational protection. Sources of law in the field of information security. Types of regulatory documents. Examples of domestic and foreign legislative documents.

In the Russian Federation, regulatory legal acts in the field of information security include:

· Acts of federal legislation:

· International treaties of the Russian Federation;

· Constitution of the Russian Federation;

· Federal-level laws (including federal constitutional laws and codes);

· Decrees of the President of the Russian Federation;

· Decrees of the Government of the Russian Federation;

· Regulatory legal acts of federal ministries and departments;

· Regulatory legal acts of constituent entities of the Russian Federation, local governments, etc.

Regulatory and methodological documents include

1. Methodological documents of Russian government agencies:

· Doctrine of information security of the Russian Federation;

· Guiding documents of FSTEC (State Technical Commission of Russia);

· FSB orders;

2. Information security standards, of which the following are distinguished:

· International standards;

· State (national) standards of the Russian Federation;

· Methodological instructions.

Types of regulatory documents:

· Regulatory legal acts: laws of the Russian Federation (On Security), federal laws (On Personal Data; On Information, Information Technologies and Information Protection; On Electronic Digital Signature), decrees of the President of the Russian Federation (On approval of the list of confidential information), government decrees (On certification of information security tools; On licensing);

· Regulatory and methodological documents: the Doctrine, FSTEC orders, regulations on certification of protective equipment against security requirements, regulations on certification of objects, model provisions, guidance documents, methods (security assessment) and other regulatory and methodological documents;

· Standards: GOST, RD, SanPin (Hygienic requirements for video display terminals), SNiP (noise protection).

Example of foreign legislative documents:

USA

At present the United States is the jurisdiction with the largest number of documents in the System (more than 12,000).

The database includes documents from the two main American federal legal sources: the United States Code (USC) and the Code of Federal Regulations (CFR). The first is a systematic compilation of federal statutory law and consists of titles (52 at the time of writing), each devoted to a particular branch of law or institution.

The System includes three titles of the US Code: Title 26 (the Internal Revenue Code), Title 12 (Banks and Banking) and Title 15 (Commerce and Trade), which contains the legislation regulating the securities market. The Code is re-issued every six years and is published by the US Code Service. Unlike most publicly available sources, the WBL system provides not only the text of these documents but also the history of all amendments made to them, together with notes and the most significant judicial precedents in the area.

The System also includes the by-laws issued by federal executive agencies and compiled in the Code of Federal Regulations. They are published by the Office of the Federal Register, an agency of the National Archives and Records Administration.

12. Development of a security policy. Basic provisions of information security. Scope. Goals and objectives of ensuring information security. Distribution of roles and responsibilities. General responsibilities.

Development.

First, an audit of the company's information processes must be carried out to identify the critical information that needs protection. The audit should end with a list of the enterprise's confidential information, the places where this information is accessed, the persons allowed to access it, and the consequences of its loss or distortion. After this stage it is clear what to protect, where, and from whom: in the overwhelming majority of incidents the violators are, willingly or unwillingly, the company's own employees, and this has to be accepted as a given. Each threat can be assigned a probability of occurrence; multiplying the probability that a threat is realized by the damage its realization causes gives the risk of that threat. Only after this should development of the security policy begin.

The security policy is a top-level document that should specify:

· the persons responsible for the company's security;

· the powers and responsibilities of departments and services with regard to security;

· the procedures for admitting new employees and for dismissal;

· the rules limiting employee access to information resources;

· the organization of physical access control and the registration of employees and visitors;

· the use of software and hardware protection tools;

· other general requirements.

The cost of ensuring information security should not exceed the potential damage from its loss. The risk analysis carried out at the audit stage makes it possible to rank risks by magnitude and to protect first of all not only the most vulnerable areas but also those that process the most valuable information. The ISO/IEC 17799 standard (now ISO/IEC 27002) provides a structured catalogue of controls against which the completeness of the resulting protection can be assessed.

Developing a security policy involves a number of preliminary steps:

· an assessment of the personal (subjective) attitude towards the enterprise's risks of its owners and of the managers responsible for the functioning and performance of the enterprise as a whole or of individual areas of its activity;

· analysis of potentially vulnerable information objects;

· identifying threats to significant information objects (information, information systems, information processing processes) and assessing the corresponding risks.

When developing security policies at all levels, you must adhere to the following basic rules:

· Security policies at lower levels must fully comply with the corresponding top-level policies, with current legislation and with the requirements of government agencies.

· The text of the security policy should contain only clear and unambiguous language that does not allow for double interpretation.

· The text of the security policy must be understandable to those employees to whom it is addressed.

The general information security policy life cycle includes a number of basic steps.

· Conducting a preliminary study of the state of information security.

· The actual development of a security policy.

· Implementation of developed security policies.

· Analysis of compliance with the requirements of the implemented security policy and formulation of requirements for its further improvement (return to the first stage for a new improvement cycle).

Organizational security policy (English: organizational security policies) is a set of security guidelines, rules, procedures and practices that govern the management, protection and distribution of valuable information.

In the general case, such a set of rules corresponds to a certain functionality of a software product that is required for its use in a specific organization. Approached more formally, a security policy is a set of requirements on the functionality of the protection system, fixed in departmental documents.

The security policy depends on:

  • the specific information processing technology;
  • the hardware and software used;
  • the location of the organization.

Protecting a large information system is impossible without well-developed information security documentation. A security policy helps to:

· make sure that nothing important is overlooked;

· establish clear safety rules.

Only a comprehensive and economically justified protection system will be effective; only then can the information system itself be called secure.

The security policy document should describe the goals and objectives of information security and the valuable company assets that require protection. The information security goal, as a rule, is to ensure the confidentiality, integrity and availability of information assets and the continuity of the company's business.

Information security objectives are the actions that must be performed to achieve those goals: in particular, analysis and management of information risks, investigation of information security incidents, development and implementation of business continuity plans, training of company employees in information security, and so on.

Lecture 6.
Basic software and hardware measures
(security services)

Literature

V.A. Galatenko, "Fundamentals of Information Security", e-book.

Central to the software and hardware level is the concept of a security service.

Basic concepts of the software and hardware level of information security

Among the supporting (auxiliary) security services (we have already encountered them when considering standards and specifications in the field of information security), we will be interested first of all in the universal, high-level ones that can be used by various main and auxiliary services.

Next we will look at the following services:

· identification and authentication;
· access control;
· logging and auditing;
· encryption;
· integrity control;
· shielding;
· security analysis;
· ensuring fault tolerance;
· ensuring secure recovery;
· tunneling;
· management.

To classify security services and determine their place in the overall architecture, security measures can be divided into the following types:

· preventive measures, which prevent violations of information security;
· measures to detect violations;
· localizing measures, which narrow the area affected by a violation;
· measures to identify the violator;
· measures to restore the security regime.

Most security services fall into the preventive category, and this is certainly right. Auditing and integrity control can help detect violations; active auditing also allows a reaction to a violation to be programmed for the purpose of localization and/or tracking. The purpose of the fault-tolerance and secure-recovery services is obvious. Finally, management plays an infrastructural role, serving all aspects of the information system.

Identification and authentication

Identification allows a subject (a user, a process acting on behalf of a specific user, or another hardware or software component) to name itself (state its name).

Through authentication, the second party makes sure that the subject really is who it claims to be. The phrase "verification of authenticity" is sometimes used as a synonym for "authentication".

10. Authentication

Authentication is a procedure for verifying authenticity, for example:

· user authentication by comparing the password entered with the password stored in the user database;
· authentication of an electronic letter by checking its digital signature with the sender's public key;
· checking a file's checksum against the value declared by the file's author.
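The first and third of these checks, as an added example that is not part of the lecture: a password is verified against a stored salted PBKDF2 hash rather than against a plaintext copy, and a file's SHA-256 checksum is compared with the declared value. The stored-record format, the iteration count and the sample inputs are assumptions of this example; signature verification with a public key requires an asymmetric-cryptography library and is not shown here.

```python
import hashlib
import hmac
import os
from typing import Optional

# Stored-record format assumed by this example: algorithm$iterations$salt_hex$hash_hex
ALGO = "pbkdf2_sha256"
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a salted hash to store instead of the password itself.
    A random per-user salt defeats precomputed (rainbow) tables."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash from the entered password with the stored salt and
    parameters, then compare in constant time so that timing does not leak
    how many bytes matched."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False                      # malformed record: treat as no match
    if algo != ALGO:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def verify_checksum(data: bytes, declared_sha256_hex: str) -> bool:
    """Check file contents against the checksum the author published.
    This detects corruption; it only detects tampering if the declared
    value itself was obtained over an authenticated channel."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, declared_sha256_hex.strip().lower())


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")          # constructed sample
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Correct horse battery staple", record))  # False
    # constructed sample file content and its published SHA-256
    print(verify_checksum(b"hello",
                          "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"))
```

The stored record carries its own parameters, so the iteration count can be raised for new passwords without invalidating old records.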

11. Authorization

Authorization is the granting to a specific person or group of people of the right to perform certain actions, and also the process of checking (confirming) those rights when an attempt is made to perform the actions. One often hears that a person is "authorized" to perform some operation; this means that he has the right to do it.

Authorization should not be confused with authentication. Authentication is the procedure of verifying the legitimacy of a user or of data, for example checking that the password entered matches the password of the account in the database, verifying the digital signature of a letter with the corresponding key, or checking a file's checksum against the value declared by its author. Authorization controls the access of legitimate users to system resources after they have successfully passed authentication. The authentication and authorization procedures are often combined.

13. Identification and authentication

Authentication can be one-way (usually the client proves its authenticity to the server) or two-way (mutual). An example of one-way authentication is the procedure of a user logging into a system.

14. Password authentication

The main advantage of password authentication is its simplicity and familiarity. Passwords have long been built into operating systems and other services. When used correctly, passwords can provide a level of security acceptable to many organizations. Nevertheless, by the totality of their characteristics they must be recognized as the weakest means of authentication.

15. Password authentication

The following measures can significantly increase the reliability of password protection:

· imposing technical restrictions (the password must not be too short; it must contain letters, digits, punctuation marks, etc.);
· managing password expiry dates and their periodic change;
· restricting access to the password file;
· limiting the number of failed login attempts (this makes the brute-force method harder);
· user training;
· using software password generators (such a program, based on simple rules, can generate only euphonious and therefore memorable passwords).
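The first, second and fourth measures in code, as an added example rather than anything from the lecture: a policy check for new passwords, an expiry check, and a per-account failure counter that locks the account after a fixed number of failed attempts. The thresholds, the small common-password list and the clock injection are assumptions of this example; a real deployment would check against a breach corpus.

```python
import re
import time
from collections import defaultdict
from typing import Callable, List

# Policy parameters assumed by this example (tune to the organization's policy)
MIN_LENGTH = 12
MIN_CHARACTER_CLASSES = 3            # of: lowercase, uppercase, digits, punctuation
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
MAX_PASSWORD_AGE_SECONDS = 90 * 24 * 3600
# constructed sample of a "known bad" list
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9\s]")


def check_policy(password: str, username: str = "") -> List[str]:
    """Technical restrictions on a new password. Returns the list of
    violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password)) for p in CLASS_PATTERNS)
    if classes < MIN_CHARACTER_CLASSES:
        problems.append(f"uses {classes} character classes, need {MIN_CHARACTER_CLASSES}")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the user name")
    return problems


def password_expired(changed_at: float, now: float) -> bool:
    """Expiry management: force a change after MAX_PASSWORD_AGE_SECONDS."""
    return now - changed_at > MAX_PASSWORD_AGE_SECONDS


class LoginGuard:
    """Counts failed attempts per account and locks the account for
    LOCKOUT_SECONDS after MAX_FAILED_ATTEMPTS, which reduces an online
    brute-force attack to a handful of guesses per lockout period."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now                    # injectable clock, so the logic is testable
        self._failures = defaultdict(int)
        self._locked_until = {}

    def is_locked(self, user: str) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._now() >= until:           # lockout has expired: reset the counter
            del self._locked_until[user]
            self._failures[user] = 0
            return False
        return True

    def record_failure(self, user: str) -> bool:
        """Register a failed login; returns True if the account is now locked."""
        if self.is_locked(user):
            return True
        self._failures[user] += 1
        if self._failures[user] >= MAX_FAILED_ATTEMPTS:
            self._locked_until[user] = self._now() + LOCKOUT_SECONDS
            return True
        return False

    def record_success(self, user: str) -> None:
        self._failures[user] = 0
        self._locked_until.pop(user, None)
```

Note that a lockout policy also creates a denial-of-service lever (an attacker can lock legitimate users out on purpose), which is why the lockout here is temporary rather than permanent.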

16. One-time passwords

The passwords discussed above can be called reusable: their disclosure allows an attacker to act on behalf of the legitimate user. A much stronger means, resistant to passive network eavesdropping, is the one-time password.
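The counter-based one-time password scheme of RFC 4226 (HOTP) and its time-based variant of RFC 6238 (TOTP), as an added example that is not part of the lecture. The server-side verifier shows the property the slide refers to: a code captured on the network is useless once it has been accepted, because the expected counter has moved past it. The look-ahead window size and the shared secret (the RFC 4226 test-vector key) are assumptions of this example.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, int(unix_time // step), digits)


class HotpVerifier:
    """Server side of counter-based OTP. Keeps the next expected counter,
    accepts a small look-ahead window to tolerate codes the user skipped,
    and moves the counter past any accepted value so that a captured
    code cannot be replayed."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self._secret = secret
        self._counter = 0
        self._look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for i in range(self._look_ahead):
            expected = hotp(self._secret, self._counter + i)
            if hmac.compare_digest(expected, code):
                self._counter += i + 1      # burn this counter and any skipped ones
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"        # RFC 4226 test-vector secret
    print([hotp(secret, c) for c in range(3)])   # ['755224', '287082', '359152']
    print(totp(secret, time.time()))             # code valid for the current 30 s step
```

A one-time password defeats passive eavesdropping only; an active attacker who relays the code to the real server within the validity window still succeeds, which is why the secret must never be transmitted and why codes are short-lived.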

17. Kerberos authentication server

Kerberos is a software product developed in the mid-1980s at the Massachusetts Institute of Technology that has since undergone a series of fundamental changes. Kerberos client components are present in most modern operating systems.

18. Identification/authentication using biometrics

Biometrics is the collection of automated methods for identifying and/or authenticating people based on their physiological and behavioral characteristics. Physiological characteristics include fingerprints, the retina and the cornea, and the geometry of the hand and face; behavioral characteristics include the dynamics of a handwritten signature and the style of working with a keyboard. At the junction of physiology and behavior lie voice features and speech recognition.

In general, work with biometric data is organized as follows. First, a database of the characteristics of potential users is created and maintained. For this, the user's biometric characteristics are captured and processed, and the result of the processing (called the biometric template) is entered into the database (the raw data, such as the result of a finger or cornea scan, is usually not stored).

But the main danger is that any hole in a biometric scheme turns out to be fatal. Passwords, for all their unreliability, can be changed in an emergency; a lost authentication card can be cancelled and replaced. A finger, an eye or a voice cannot be changed. If biometric data is compromised, at the very least a significant overhaul of the whole system will be required.

21. Access control models

22. Goals and scope

The purpose of access control is to restrict the operations that a legitimate (registered) user can perform. Access control specifies what exactly a user has the right to do in the system and which operations applications running under that user's name are allowed to perform.

Thus access control is designed to prevent user actions that could harm the system, for example violate its security.

24. Terms used

Access: an operation of a subject on an object.
Object: a container of information in the system.
Subject: the entity that represents the user while working in the system.
User: a person performing actions in the system, or an application acting on his behalf.

25. General description

Access control is the determination of a subject's ability to perform operations on an object. In the general case it is described by the following diagram:

26. General description

From the traditional point of view, access control allows one to specify and control the actions that subjects (users and processes) can perform on objects (information and other computer resources). This section is about logical access control, which, unlike physical access control, is implemented in software. Logical access control is the main mechanism of multi-user systems intended to ensure the confidentiality and integrity of objects and, to some extent, their availability (by denying service to unauthorized users).

27. General description

Objective: to control access to production information. Access to computer systems and data must be controlled on the basis of production (business) requirements. Such control must take into account the rules for the dissemination of information and the access restrictions adopted in the organization.

28. General description

The production requirements for controlling access to systems must be defined and documented. Access control rules and access rights for each user or group of users must be clearly formulated in the provisions of the information access control policy. Users and service providers must know the clearly defined production requirements that the access control policy satisfies.

29. General description

When defining access control rules, the following must be considered:

· the difference between rules that must always be followed and rules that are optional or conditional;
· it is better to formulate rules on the premise "everything that is not explicitly permitted is forbidden" than on the premise "everything that is not explicitly forbidden is permitted";
· changes in information labels that are initiated automatically by the information processing facilities versus those initiated at the user's discretion;
· changes in user access rights that are initiated automatically by the information system versus those initiated by the administrator;
· rules that require approval by an administrator or someone else before coming into force, and rules that require no one's approval.

30. Access control models

· selective (discretionary) access control;
· authority-based (mandatory) access control;
· role-based access control.

31. Selective access control

Selective access control (English: discretionary access control, DAC) is the control of subjects' access to objects based on access control lists or an access matrix. The names "discretionary access control", "controlled access control" and "access delimitation management" are also used.

32. Selective access control

Each object in the system has a subject attached to it called the owner; it is the owner who sets the access rights to the object. The system has one distinguished subject, the superuser, who has the right to set ownership rights for all other subjects of the system. A subject holding a certain access right may transfer that right to any other subject. A subject's access rights to a system object are determined on the basis of some rule external to the system (the property of selectivity).

To describe the properties of selective access control, a system model based on the access matrix (AM, sometimes called the access control matrix) is used; this model is called the matrix model. The access matrix is a rectangular matrix in which each row corresponds to a system object and each column to a subject. At the intersection of a column and a row, the type (or types) of access permitted to the subject on the object is indicated. The usual types of subject access to an object are "read access", "write access", "execute access", and so on.

33. Selective access control

The set of objects and the types of access to them available to a subject can change according to rules defined in the given system. For example, a subject's access to a particular object may be allowed only on certain days (a date-dependent condition) or at certain hours (a time-dependent condition), may depend on other characteristics of the subject (a context-dependent condition), or may depend on the nature of the preceding work. Such conditions on access to objects are commonly used in DBMSs. In addition, a subject holding certain authority may transfer it to another subject (if this does not contradict the security policy rules).

The decision on a subject's access to an object is made in accordance with the access type recorded in the corresponding cell of the access matrix. Typically, selective access control implements the principle "what is not permitted is forbidden", which requires explicit permission for a subject's access to an object.

34. Selective access control

Mixed constructions are also possible, in which the system simultaneously has owners who set the access rights to their objects and a superuser who can change the rights to any object and/or change its owner. It is precisely this mixed variant that is implemented in most operating systems, such as Unix or Windows NT.
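The matrix model of slides 32 to 34 in code, as an added example that is not part of the lecture: an access matrix whose cells hold the permitted access types, with owners, a superuser, transfer of a held right to another subject, and the default "what is not permitted is forbidden". The subject, object and right names are assumptions of this example.

```python
RIGHTS = {"read", "write", "execute"}


class AccessMatrix:
    """Cells are indexed by (subject, object); an absent cell means no rights,
    which implements "what is not explicitly permitted is forbidden"."""

    def __init__(self, superuser: str = "root"):
        self.superuser = superuser
        self._cells = {}      # (subject, object) -> set of rights
        self._owner = {}      # object -> owning subject

    def create_object(self, creator: str, obj: str) -> None:
        if obj in self._owner:
            raise ValueError(f"{obj} already exists")
        self._owner[obj] = creator
        self._cells[(creator, obj)] = set(RIGHTS)   # the owner starts with every right

    def owner_of(self, obj: str) -> str:
        return self._owner[obj]

    def check(self, subject: str, obj: str, op: str) -> bool:
        """The access decision: grant only if the cell explicitly holds op."""
        if obj not in self._owner:
            return False
        return op in self._cells.get((subject, obj), set())

    def _may_administer(self, actor: str, obj: str, right: str) -> bool:
        # The superuser and the owner may set any right on the object; any
        # other subject may pass on only a right it holds itself (transfer).
        return (actor == self.superuser
                or self._owner.get(obj) == actor
                or right in self._cells.get((actor, obj), set()))

    def grant(self, actor: str, subject: str, obj: str, right: str) -> None:
        if right not in RIGHTS:
            raise ValueError(f"unknown right {right}")
        if obj not in self._owner or not self._may_administer(actor, obj, right):
            raise PermissionError(f"{actor} may not grant {right} on {obj}")
        self._cells.setdefault((subject, obj), set()).add(right)

    def revoke(self, actor: str, subject: str, obj: str, right: str) -> None:
        if actor != self.superuser and self._owner.get(obj) != actor:
            raise PermissionError(f"{actor} may not revoke rights on {obj}")
        self._cells.get((subject, obj), set()).discard(right)

    def chown(self, actor: str, obj: str, new_owner: str) -> None:
        """The mixed Unix / Windows NT variant: the owner or the superuser
        may hand the object to a new owner, who receives every right."""
        if actor != self.superuser and self._owner.get(obj) != actor:
            raise PermissionError(f"{actor} may not change the owner of {obj}")
        self._owner[obj] = new_owner
        self._cells.setdefault((new_owner, obj), set()).update(RIGHTS)


if __name__ == "__main__":
    m = AccessMatrix()
    m.create_object("alice", "report.txt")
    print(m.check("bob", "report.txt", "read"))       # False: no cell, default deny
    m.grant("alice", "bob", "report.txt", "read")
    m.grant("bob", "carol", "report.txt", "read")     # bob passes on a right he holds
    print(m.check("carol", "report.txt", "read"))     # True
```

The transfer rule is exactly what makes DAC hard to reason about: once a right has been passed on, the owner no longer controls how far it spreads, and the only way to contain it is for the owner (or superuser) to revoke it cell by cell.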

35. Authorized access control

Authorized access control (English: mandatory access control, MAC) is the control of subjects' access to objects based on the assignment of sensitivity labels to the information contained in the objects and the issuance of official permissions (clearances) to subjects to handle information of a given level of confidentiality. It is also sometimes translated as forced access control. It is a method that combines protection and restriction of rights applied to computer processes, data and system devices and is intended to prevent their undesired use.

36. Authorized access control

· all subjects and objects of the system must be uniquely identified;
· each object of the system is assigned a criticality label that defines the value of the information it contains;
· each subject of the system is assigned a level of transparency (security clearance) that defines the maximum criticality label of the objects to which the subject has access.

37. Authorized access control

When a set of labels have the same value, they are said to belong to the same security level. The labels are organized hierarchically, so the system can implement a hierarchical, non-descending (by value) flow of information (for example, from ordinary performers to management). The more important the object or subject, the higher its criticality label; therefore the most protected objects are those with the highest criticality label values. Each subject, in addition to its level of transparency, has a current security level value, which can vary from some minimum value up to its level of transparency. To decide whether to permit access, the object's criticality label is compared with the subject's level of transparency and current security level.

38. Authorized access control

The result of the comparison is determined by two rules: the simple security condition and the *-property. In simplified form they state that information can only be passed "upward": a subject can read the contents of an object if its current security level is not lower than the object's criticality label, and can write to the object if its current level is not higher. The simple security condition is that a subject can perform any operation on an object only if its level of transparency is not lower than the object's criticality label.

39. Authorized access control

The main purpose of the authority-based security policy is to regulate the access of system subjects to objects of different criticality levels, to prevent information leaking from the upper levels of the hierarchy to the lower ones, and to block possible penetration from the lower levels into the upper ones. It operates against the background of the selective policy, giving its requirements a hierarchically ordered character (according to security levels).

Mandatory access control is implemented in the FreeBSD Unix OS. SUSE Linux and Ubuntu have a mandatory access control architecture called AppArmor.

40. Role-based access control

Role-based access control (English: Role Based Access Control, RBAC) is a development of the selective access control policy in which the access rights of system subjects to objects are grouped, taking into account the specifics of their use, into roles.

41. Role-based access control

The role-based access control model has a number of features that allow it to be classified neither as a discretionary nor as a mandatory model. The main idea of the approach implemented in this model is that the concept of "subject" is replaced by two new concepts:

· user: a person working in the system;
· role: an abstract entity active in the system that is associated with a limited and logically consistent set of authorities required to carry out certain actions in the system.

42. Role-based access control

A classic example of a role is root in Unix-like systems, the superuser with unlimited authority; as needed, this role may be taken on by various administrators. The main advantage of the role model is its closeness to real life: the roles operating in the automated system (AS) can be arranged in full correspondence with the corporate hierarchy and at the same time tied not to specific users but to positions, which in particular simplifies administration under high staff turnover.

43. Role-based access control

With the role model, access control is carried out as follows:

1. For each role, a set of authorities is defined, which is a set of access rights to AS objects.
2. Each user is assigned a list of the roles available to him.

Note that a user can be associated with several roles; this possibility also significantly simplifies the administration of complex corporate automated systems.
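The two steps above in code, as an added example that is not part of the lecture. It goes slightly beyond the slide in the direction real RBAC deployments take: roles may inherit from other roles (so that a position higher in the hierarchy carries everything below it), a pair of roles can be declared mutually exclusive (static separation of duty), and a session may activate only a subset of the user's roles. The role, user and object names are assumptions of this example.

```python
from typing import Dict, Set, Tuple

Permission = Tuple[str, str]     # (operation, object)


class RBAC:
    def __init__(self):
        self._role_perms: Dict[str, Set[Permission]] = {}
        self._role_parents: Dict[str, Set[str]] = {}   # role -> roles it inherits from
        self._user_roles: Dict[str, Set[str]] = {}
        self._exclusive: Set[frozenset] = set()        # role pairs no user may hold together

    def add_role(self, role: str, inherits=()) -> None:
        self._role_perms[role] = set()
        self._role_parents[role] = set(inherits)

    def grant(self, role: str, op: str, obj: str) -> None:
        """Step 1: attach an access right to a role, never to a user."""
        self._role_perms[role].add((op, obj))

    def add_exclusion(self, role_a: str, role_b: str) -> None:
        """Static separation of duty: the same person may never hold both roles."""
        self._exclusive.add(frozenset((role_a, role_b)))

    def assign(self, user: str, role: str) -> None:
        """Step 2: give a user a role, refusing combinations that violate SoD."""
        held = self._user_roles.setdefault(user, set())
        for other in held:
            if frozenset((role, other)) in self._exclusive:
                raise ValueError(f"{user} already holds {other}, which excludes {role}")
        held.add(role)

    def _closure(self, roles) -> Set[str]:
        """A role carries the permissions of every role it inherits from."""
        seen, stack = set(), list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self._role_parents.get(r, ()))
        return seen

    def permissions(self, user: str, active_roles=None) -> Set[Permission]:
        """Permissions of a session. Passing active_roles activates only the
        roles a task needs (least privilege); they must be roles the user holds."""
        held = self._user_roles.get(user, set())
        roles = held if active_roles is None else held & set(active_roles)
        perms = set()
        for r in self._closure(roles):
            perms |= self._role_perms.get(r, set())
        return perms

    def check(self, user: str, op: str, obj: str, active_roles=None) -> bool:
        return (op, obj) in self.permissions(user, active_roles)


if __name__ == "__main__":
    r = RBAC()
    r.add_role("employee")
    r.add_role("developer", inherits=["employee"])
    r.grant("employee", "read", "wiki")
    r.grant("developer", "push", "repo")
    r.assign("alice", "developer")
    print(r.check("alice", "read", "wiki"))    # True: inherited through employee
    print(r.check("alice", "push", "repo"))    # True
    print(r.check("alice", "push", "repo", active_roles=[]))   # False: nothing activated
```

Staff turnover is handled by a single `assign` to the newcomer's position and removal of the leaver's roles; no permission on any object has to be touched.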

44. Role-based access control

RBAC is widely used to manage user privileges within a single system or application. Systems that use it include Microsoft Active Directory, SELinux, FreeBSD, Solaris, Oracle DBMS and many others.

45. Bell-LaPadula model

The Bell-LaPadula model is an access control model based on mandatory access control. The model defines the conditions under which it is impossible to create information flows from subjects with a higher access level to subjects with a lower access level.

46. Bell-LaPadula model

The classical Bell-LaPadula model was described in 1975 by MITRE Corporation employees David Bell and Leonard LaPadula; the creation of the model was prompted by the security system for working with classified US Government documents. The essence of the system was as follows: every subject (a person working with documents) and every object (a document) is assigned a confidentiality label, from the highest ("of special importance") down to the lowest ("unclassified" or "public"). A subject who is allowed access only to objects with a lower confidentiality label cannot gain access to an object with a higher label. A subject is also forbidden to write information into objects of a lower security level.

47. Harrison-Ruzzo-Ullman model

The Harrison-Ruzzo-Ullman model is a classic discretionary model; it implements arbitrary control of subjects' access to objects and control over the distribution of access rights within the model.

48. Harrison-Ruzzo-Ullman model

The processing system is represented as a set of active entities (subjects), forming the set of subjects, which on behalf of users access a set of passive entities (objects) containing the protected information, together with a finite set of access rights characterizing the authority to perform the corresponding actions. To bring relationships between subjects into the scope of the model, it is generally accepted that all subjects are also objects at the same time.

49. Hartson's five-dimensional security space model

Now consider the model called Hartson's five-dimensional security space. In this model a five-dimensional security space is used to model the process of establishing authorities and organizing access on their basis. The model has five basic sets: A, the established authorities; U, the users; E, the operations; R, the resources; S, the states.

50. Hartson's five-dimensional security space model

The security domain is the Cartesian product A×U×E×R×S. Access is treated as a series of requests made by users u to perform operations e on resources r while the system is in state s. An access request is thus represented by the four-dimensional tuple q = (u, e, R, s), u ∈ U, e ∈ E, s ∈ S, r ∈ R; the values u and s are fixed by the system. The access request is therefore a subspace of a four-dimensional projection of the security space. Requests are granted access rights when they are completely contained in the corresponding subspaces.

51. Reference monitor (call security monitor)

The concept of the reference monitor (in the Russian literature, the "security monitor of accesses", abbreviated MBO) is a fairly natural formalization of a mechanism implementing access delimitation in a system. The reference monitor is a filter that permits or denies access on the basis of the access delimitation rules established in the system.

52. Reference monitor (call security monitor)

Having received a request for access by subject S to object O, the reference monitor consults the rule base corresponding to the security policy established in the system and either permits or denies the access. The reference monitor must satisfy the following properties:

1. No request for subject access to an object may be performed bypassing the monitor (complete mediation).
2. The operation of the monitor must be protected from outside interference (tamper-proofness).
3. The monitor must be simple enough for the correctness of its operation to be verified.

Although the reference monitor is an abstraction, the listed properties also apply to the software or hardware modules that implement the functions of a reference monitor in real systems.

53. Integrity models

One of the goals of a security policy is protection against violation of information integrity. The best-known models in this class are the Biba integrity model and the Clark-Wilson model.

54. Clark-Wilson model

The Clark-Wilson model arose from the authors' analysis of the methods actually used to ensure the integrity of document flow in commercial companies. Unlike the Biba and Bell-LaPadula models, it was from the outset oriented to the needs of commercial customers and, in the authors' opinion, is more adequate to their requirements than the previously proposed commercial interpretation of the lattice-based integrity model.

55. Clark-Wilson model

The basic concepts of the model are the correctness of transactions and the separation of functional duties. The model sets rules for the operation of a computer system and defines two categories of data objects and two classes of operations on them. All data in the system is divided into constrained and unconstrained data items (CDI and UDI respectively). The integrity of the former is guaranteed by the Clark-Wilson model; the latter contain information whose integrity is not controlled within this model (which explains the choice of terminology).

56. Clark-Wilson model

The model then introduces two classes of operations on data items: integrity verification procedures (IVP) and transformation procedures (TP). The former verify the integrity of the constrained data items (CDI); the latter change the composition of the set of CDIs (for example, by converting UDI items into CDIs).

57. Clark-Wilson model

The model also contains nine rules (five certification rules and four enforcement rules) defining the relationships between data items and procedures during the operation of the system.
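The CDI/UDI, IVP and TP concepts of slides 55 to 57 applied to a small ledger, as an added example that is not part of the lecture. CDIs are account balances plus a control total; the IVP checks that they reconcile; TPs are the only way to change a CDI, each TP is certified for the CDIs it may touch, users are authorized per TP (which also gives separation of duty), every committed TP is appended to a log, and a TP that would leave the CDIs invalid is rolled back. The accounts, amounts, procedure names and the deliberately mis-certified TP are assumptions of this example.

```python
from copy import deepcopy
from typing import Callable, Dict, Iterable, List, Set, Tuple


class IntegrityError(Exception):
    pass


class ClarkWilsonKernel:
    def __init__(self, cdis: Dict[str, int]):
        self._cdis = dict(cdis)                                   # constrained data items
        self._tps: Dict[str, Tuple[Callable, Set[str]]] = {}      # certified TPs and their scope
        self._ivps: List[Callable[[Dict[str, int]], bool]] = []   # integrity verification procedures
        self._allowed: Set[Tuple[str, str]] = set()               # (user, TP) access triples
        self.log: List[Tuple[str, str, tuple]] = []               # append-only log of committed TPs

    def certify_tp(self, name: str, func: Callable, scope: Iterable[str]) -> None:
        self._tps[name] = (func, set(scope))

    def add_ivp(self, func: Callable[[Dict[str, int]], bool]) -> None:
        self._ivps.append(func)

    def authorize(self, user: str, tp: str) -> None:
        self._allowed.add((user, tp))

    def state(self) -> Dict[str, int]:
        return dict(self._cdis)

    def valid(self, cdis=None) -> bool:
        cdis = self._cdis if cdis is None else cdis
        return all(ivp(cdis) for ivp in self._ivps)

    def run(self, user: str, tp: str, *args) -> Dict[str, int]:
        """Execute a certified TP for an authorized user and commit only if the
        changed CDIs stay inside the TP's certified scope and every IVP holds."""
        if (user, tp) not in self._allowed:
            raise PermissionError(f"{user} is not authorized to run {tp}")
        func, scope = self._tps[tp]            # KeyError for an uncertified TP
        work = deepcopy(self._cdis)            # the TP runs on a copy: rollback is free
        func(work, *args)
        changed = {k for k in set(work) | set(self._cdis) if work.get(k) != self._cdis.get(k)}
        if not changed <= scope:
            raise IntegrityError(f"{tp} touched CDIs outside its scope: {changed - scope}")
        if not self.valid(work):
            raise IntegrityError(f"{tp} would leave the CDIs in an invalid state")
        self._cdis = work                      # atomic commit
        self.log.append((user, tp, args))
        return self.state()


# --- constructed ledger: account balances plus a control total -----------------
def balances_reconcile(cdis: Dict[str, int]) -> bool:
    """IVP: the sum of account balances must equal the control total."""
    return sum(v for k, v in cdis.items() if k.startswith("acct:")) == cdis["control_total"]


def transfer(cdis: Dict[str, int], src: str, dst: str, amount: int) -> None:
    """TP: move money between accounts; overdrafts are rejected."""
    if amount <= 0 or cdis[src] < amount:
        raise ValueError("invalid amount")
    cdis[src] -= amount
    cdis[dst] += amount


def deposit_from_form(cdis: Dict[str, int], acct: str, raw_amount: str) -> None:
    """TP that validates a UDI (untrusted form input) before it touches any CDI."""
    if not raw_amount.isdigit():
        raise ValueError("UDI rejected: not a non-negative integer")
    amount = int(raw_amount)
    cdis[acct] += amount
    cdis["control_total"] += amount


def buggy_bonus(cdis: Dict[str, int], acct: str) -> None:
    """A mis-certified TP: credits an account without adjusting the total."""
    cdis[acct] += 10


def build_demo() -> ClarkWilsonKernel:
    k = ClarkWilsonKernel({"acct:A": 100, "acct:B": 50, "control_total": 150})
    k.add_ivp(balances_reconcile)
    k.certify_tp("transfer", transfer, ["acct:A", "acct:B"])
    k.certify_tp("deposit", deposit_from_form, ["acct:A", "acct:B", "control_total"])
    k.certify_tp("bonus", buggy_bonus, ["acct:A", "acct:B"])
    k.authorize("teller", "transfer")
    k.authorize("teller", "deposit")
    k.authorize("manager", "bonus")       # separation of duty: the teller cannot run bonus
    return k
```

In a real system the kernel also has to prevent any path to the CDIs other than `run` (here nothing stops Python code from mutating the dictionary directly); that is the complete-mediation property of the reference monitor, and it is what distinguishes an enforcement kernel from a convention.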


59. Biba model

The Biba model is based on integrity levels, analogous to the levels of the Bell-LaPadula model. Unlike Bell-LaPadula, reading is now permitted only upward (from a subject to an object whose level exceeds that of the subject) and writing only downward. The rules of this model are the exact opposite of those of the Bell-LaPadula model.

60. Biba model

The Biba model considers the following accesses of subjects to objects and to other subjects: a subject's access to modify an object, a subject's access to read an object, a subject's access to execute, and a subject's access to another subject.

61. Biba model

What exactly is meant by integrity levels in the Biba model deserves a separate comment. Indeed, in most applications data integrity is regarded as a property that either holds or does not, and the introduction of hierarchical integrity levels may seem superfluous. In fact, the integrity levels in the Biba model should be regarded as levels of reliability (trustworthiness), and the corresponding information flows as the transfer of information from a more reliable body of data into a less reliable one, and vice versa.
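The mandatory rules of slides 37 and 38, the Bell-LaPadula model of slides 45 and 46 and the Biba model of slides 59 to 61 in one piece of code, as an added example that is not part of the lecture. A single decision function applies the Bell-LaPadula simple security condition and *-property to confidentiality labels and the dual Biba rules to integrity labels, so the "exact opposite" of slide 59 is visible line by line; it also enforces that a subject's current level never exceeds its clearance. The label names, subjects and objects are assumptions of this example.

```python
from dataclasses import dataclass

# Ordered confidentiality labels (criticality), lowest first.
CONF = ["unclassified", "confidential", "secret", "top_secret"]
# Ordered integrity labels (trustworthiness of the data source), lowest first.
INTEG = ["untrusted", "user", "system"]


def _rank(scale, label):
    if label not in scale:
        raise ValueError(f"unknown label {label!r}")
    return scale.index(label)


@dataclass
class Subject:
    name: str
    clearance: str      # level of transparency: the maximum the subject may reach
    current: str        # current security level, never above clearance
    integrity: str


@dataclass
class Obj:
    name: str
    conf: str           # criticality label
    integrity: str


def blp_allows(s: Subject, o: Obj, op: str) -> bool:
    """Bell-LaPadula. Simple security condition: read only if the subject's
    current level is not lower than the object's (no read up). *-property:
    write only if the object's level is not lower than the subject's
    (no write down)."""
    sl, ol = _rank(CONF, s.current), _rank(CONF, o.conf)
    if op == "read":
        return sl >= ol
    if op == "write":
        return sl <= ol
    raise ValueError(op)


def biba_allows(s: Subject, o: Obj, op: str) -> bool:
    """Biba strict integrity, the exact dual: read only from objects at least
    as trustworthy as the subject (no read down), write only to objects no
    more trustworthy than the subject (no write up)."""
    sl, ol = _rank(INTEG, s.integrity), _rank(INTEG, o.integrity)
    if op == "read":
        return sl <= ol
    if op == "write":
        return sl >= ol
    raise ValueError(op)


def decide(s: Subject, o: Obj, op: str) -> bool:
    """Every access is mediated here: the subject's current level must not
    exceed its clearance, and both policies must agree."""
    if _rank(CONF, s.current) > _rank(CONF, s.clearance):
        raise ValueError(f"{s.name}: current level above clearance")
    return blp_allows(s, o, op) and biba_allows(s, o, op)


if __name__ == "__main__":
    analyst = Subject("analyst", clearance="secret", current="secret", integrity="user")
    report = Obj("intel_report", conf="secret", integrity="system")
    web = Obj("public_web_page", conf="unclassified", integrity="untrusted")
    print(decide(analyst, report, "read"))   # True: same level, trustworthy source
    print(decide(analyst, report, "write"))  # False: Biba forbids writing up in integrity
    print(decide(analyst, web, "read"))      # False: Biba forbids reading untrusted data
    print(decide(analyst, web, "write"))     # False: Bell-LaPadula forbids writing down
```

The last two lines of the demo show why the two models are usually combined: Bell-LaPadula alone would let the analyst read the untrusted web page, and Biba alone would let him copy the secret report onto it.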

Taking the above into account, we distinguish three levels at which an information security regime is formed:

· legislative and legal;

· administrative (organizational);

· software and hardware.

The legislative level includes the set of legislative and other legal acts establishing the legal status of the subjects of information relations, the subjects and objects of protection, the methods, forms and means of protection, and their legal status. Standards and specifications in the field of information security also belong to this level. The system of legislative acts and of the regulatory, organizational and administrative documents developed on their basis should ensure effective supervision of their implementation by law-enforcement bodies and the application of judicial protection and liability of the subjects of information relations. Moral and ethical norms of behavior that have developed traditionally or are developing as computing technology spreads through society can also be assigned to this level. Such norms can be codified, that is, set out as a body of rules and regulations; the most typical example is the Code of Professional Conduct for Members of the US Computer Users Association. For the most part, however, these norms are not mandatory in the way legislative measures are.

The administrative (organizational) level includes a set of mutually coordinated organizational and technical measures that implement practical protection mechanisms during the creation and operation of information security systems. The organizational level should cover all structural elements of data processing systems at all stages of their life cycle: construction of premises, system design, installation and adjustment of equipment, testing and inspection, and operation.

The software and hardware level includes three sublevels: physical, technical (hardware) and software. The physical sublevel addresses restrictions on physical access to information and information systems; accordingly, it comprises technical means implemented as autonomous devices and systems that are not involved in processing, storing or transmitting information: burglar alarm systems, surveillance systems, and means of physically preventing access (locks, fences, bars, etc.).

Security measures at the hardware and software sublevels are directly related to the information processing system. These tools are either built into the processing hardware or interfaced with it via a standard interface. Hardware measures include parity-checking circuits, key-based access circuits, etc. Software protection, which forms the software sublevel, includes special software used to protect information, for example an antivirus package. Protection programs can be either stand-alone or built-in. Thus, data encryption can be performed by the EFS file encryption system built into the operating system (Windows 2000, XP) or by a special encryption program.

We emphasize that forming an information security regime is a complex systemic task whose solution differs in content from country to country and depends on factors such as the country's scientific potential, the degree to which information technology has penetrated society and the economy, the development of the production base, the general culture of society and, finally, traditions and norms of behavior.

Main tasks of information security:

  1. protection of state secrets, i.e. secret and other confidential information that is the property of the state, from all types of unauthorized access, manipulation and destruction;
  2. protection of the rights of citizens to own, dispose and manage their information;
  3. protection of the constitutional rights of citizens to the privacy of correspondence, conversations, and personal life;
  4. protection of hardware and software information technology from erroneous actions of personnel and man-made impacts, as well as natural disasters;
  5. protection of hardware and software information technology from intentional influences.

2. Principles for constructing information security systems

A systematic approach to information security presupposes taking into account all the interconnected, interacting and time-varying elements, conditions and factors essential to the security of information systems.

Possibility of increasing protection. The security system must be built taking into account not only all known channels of penetration and unauthorized access to information, but also the possibility that fundamentally new ways of realizing security threats will emerge.

An integrated approach involves the coordinated use of diverse information security tools.

Adequacy - ensuring the required level of protection at minimal cost for creating the protection mechanism and keeping it operating. It is important to select a sufficient level of protection at which the costs, the risk and the scale of possible damage are all acceptable (the risk analysis task).

Minimizing the access privileges granted to users, i.e. each user should be granted only the rights they genuinely need to access system resources and data.

Complete control - mandatory control of all access to protected data.

Punishability of violations. The most common penalty is denial of access to the system.

Efficiency of the mechanism - ensuring minimal costs for creating and operating the mechanism.

The systematic principle boils down to the fact that, to ensure reliable information protection in modern information systems, reliable and consistent protection must be provided in all structural elements, in all technological areas of automated information processing, and throughout the entire operation of the information system.

Specialization, as a principle of organizing protection, assumes that a reliable protection mechanism can be designed and organized only by professional information security specialists. In addition, to keep the protection mechanism functioning effectively, appropriate specialists must be included in the information system (IS).

The principle of informality means that the methodology for designing a protection mechanism and ensuring its functioning is informal. Currently there is no engineering methodology (in the traditional sense of the term) for designing a protection mechanism. The design methods developed to date consist of sets of requirements, rules, and the sequence and content of stages, all formulated at an informal level, i.e. their mechanical implementation is generally impossible.

Flexibility of the protection system. The measures taken and the protective equipment installed, especially during the initial period of operation, can provide either an excessive or an insufficient level of protection. To make it possible to vary the level of security, the security measures must have a certain flexibility. This property is especially important when protective equipment must be installed on a working system without disrupting its normal functioning.

The continuity of protection principle assumes that information protection is not a one-time event, nor even a fixed set of measures taken and means of protection installed, but a continuous, purposeful process that involves taking appropriate measures at all stages of the information system's life cycle. The protection system must be developed in parallel with the protected system. This allows security requirements to be taken into account when designing the architecture and, ultimately, yields more effective secure information systems.
