Information security: a brief outline



Posted on http://www.allbest.ru/

1. Basic concepts of information security and information protection


Protection of information - activity aimed at preventing the leakage of protected information and unauthorized and unintended effects on the protected information.

Object of protection - information, an information carrier or an information process for which protection must be ensured in accordance with the stated purpose of information protection.

Purpose of information protection - the desired result of information protection. The purpose of protecting information may be to prevent damage to the owner, holder or user of information as a result of possible information leakage and/or unauthorized and unintended impact on the information.

Effectiveness of information protection - the degree to which the results of information protection correspond to its purpose.

Protection of information from leakage - activity to prevent the uncontrolled dissemination of protected information as a result of its disclosure, unauthorized access to it and its receipt by attackers.

Protection of information from disclosure - activity to prevent the unauthorized communication of protected information to an uncontrolled set of recipients.

Protection of information from unauthorized access - activity to prevent the receipt of protected information by an interested subject in violation of the access rights or rules established by legal documents or by the owner or holder of the information. The interested subject carrying out unauthorized access to protected information may be the state, a legal entity, a group of individuals (including a public organization) or an individual.

Information protection system - a set of bodies and/or executors, the information protection techniques they use, and the objects of protection, organized and functioning according to the rules established by the relevant legal, organizational, administrative and regulatory documents on information protection.

Information security is understood as the protection of information from unlawful access, modification and destruction, as well as the protection of information resources from effects that disrupt their operation. The nature of these effects can be very diverse.

These include intrusion attempts, personnel errors, hardware and software failures, natural disasters (earthquake, hurricane, fire), etc.

A modern automated information processing system (AS) is a complex system consisting of a large number of components of varying degrees of autonomy, which are interconnected and exchange data. Virtually every component can be subjected to external influence or be damaged. The components of an AS can be divided into the following groups:

- hardware - computers and their components;

- software - purchased programs; source, object and load modules; the OS and system programs, utilities, diagnostic programs, etc.;

- data - stored temporarily and permanently on magnetic media, printouts, archives, system logs, etc.;

- staff - service personnel and users.

One of the features of ensuring information security in an AS is that such abstract concepts as information, objects and subjects of the system correspond to physical representations in the computer environment:

- information is represented by computer storage media in the form of external devices of computer systems, RAM, files, records, etc.;

- system objects - passive components of the system that store, receive or transmit information. Access to an object means access to the information contained in it;

- system subjects - active components of the system that can cause a flow of information from an object to a subject or a change in the state of the system. Subjects can be users, active programs and processes.

2. Basic properties of information in relation to information security

Data confidentiality - the status granted to data that determines the required degree of its protection. Confidential information should be known only to authorized and verified (authenticated) subjects of the system (users, processes, programs); to all other subjects of the system it should remain unknown.

The establishment of gradations of the importance of protecting the protected information (the object of protection) is called categorization of protected information.

Integrity of information - the property of information to preserve its structure and/or content during transfer and storage. Integrity is ensured if the data in the system does not differ semantically from the data in the source documents, i.e., if there has been no accidental or deliberate distortion or destruction of it. Ensuring data integrity is one of the difficult tasks of information protection.

Reliability of information - the property of the information at the output of a system to correspond to the information received at its input. Quantitatively, reliability is estimated by indicators such as the mean time between information errors, the intensity of information errors and the probability of error-free operation ... the property of information of belonging strictly to the subject that is its source, or to the subject from which the information was received.

Legal significance of information - means that the document carrying the information has legal force.

Data availability. A user can work with data only if he has access to it.

Access to information - a subject obtaining the possibility of becoming acquainted with information, including with the help of technical means. Subject of access to information - a party to relations in information processes.

Timely access to information - the ability of information or an information resource to be accessible to the end user in accordance with his operational needs.

Information owner - a subject that fully exercises the powers of possession, use and disposal of information in accordance with legislative acts.

Information holder - a subject that possesses and uses information and exercises the powers of disposal within the limits of the rights established by law and/or by the owner of the information.

User (consumer) of information - a subject using information received from its owner, holder or an intermediary in accordance with the established rights and rules of access to information, or in violation of them.

Right of access to information - a set of rules for access to information established by legal documents or by the owner or holder of the information.

Rule of access to information - a set of rules governing the procedure and conditions of a subject's access to information and its carriers.

Access to information may be authorized or unauthorized.

Authorized access to information - access that does not violate the established access control rules. Access control rules serve to regulate the right of access to the components of the system.

Unauthorized access to information (Russian abbreviation NSD, used below) - a violation of the established access control rules. A person or process carrying out unauthorized access to information violates the access control rules. Unauthorized access is the most common type of computer violation.

The security administrator is responsible for protecting a computer system from unauthorized access to information.

3. Identification, authentication, authorization

Identifier of a subject - some information that uniquely identifies the subject. A subject that has a registered identifier is a legal (legitimate) subject. Subject identification - the procedure of recognizing a subject by its identifier; it is performed when the subject attempts to log on to the system (network). Subject authentication - verification of the authenticity of the subject with the given identifier; the authentication procedure establishes whether the subject is exactly who it declares itself to be. Subject authorization - the procedure of granting a legitimate subject that has successfully passed identification and authentication the corresponding authority and the available resources of the system (network).

4. Information Security Threat Analysis

By a threat (in the general sense) is usually understood a potential event (impact, process or phenomenon) that could lead to damage to someone's interests. Below, a security threat to an information-processing AS is understood as the possibility of an impact on the AS that may directly or indirectly damage its security.

Possible threats to the information security of an AS can be classified according to the following basic criteria.

By the nature of occurrence:

- natural threats, caused by the impact on the AS of objective physical processes or natural phenomena;

- artificial threats to the security of the AS, caused by human activity.

By the degree of intentionality:

- threats caused by errors or negligence of personnel, for example incompetent use of protective equipment, erroneous data input, etc.;

- threats of deliberate action, such as the actions of intruders.

By the direct source of the threat:

- the natural environment, for example natural disasters, magnetic storms, etc.;

- a person, for example the recruitment of personnel by bribery, the disclosure of confidential data, etc.;

- authorized hardware and software, for example deletion of data, OS failure;

- unauthorized hardware and software, for example infection of a computer with viruses that have destructive functions.

By the position of the threat source:

- outside the controlled zone of the AS, for example interception of data transmitted over communication channels, interception of spurious electromagnetic, acoustic and other emissions from devices;

- within the controlled zone of the AS, for example the use of listening devices, theft of printouts, records, storage media, etc.;

- directly in the AS, for example incorrect use of AS resources.

By the degree of dependence on the activity of the AS:

- regardless of the activity of the AS, for example breaking the ciphers used to encrypt information;

- only during data processing, for example the threat of execution and spread of software viruses.

By the degree of impact on the AS:

- passive threats, which when realized change nothing in the structure and content of the AS, for example the threat of copying secret data;

- active threats, which when realized make changes to the structure and content of the AS, for example the introduction of Trojan horses and viruses.

By the stage of user or program access to resources:

- threats that appear at the stage of access to AS resources, for example threats of unauthorized access to the AS;

- threats that appear after access to AS resources has been granted, such as the threat of unauthorized or incorrect use of AS resources.

By the method of access to AS resources:

- threats realized using the standard access path to AS resources, for example illegal acquisition of passwords and other access control details followed by impersonation of a registered user;

- threats realized using a hidden, non-standard path to AS resources, for example unauthorized access to AS resources through undocumented OS capabilities.

By the current location of the information stored and processed in the AS:

- threats of access to information stored on external storage devices, for example unauthorized copying of sensitive information from the hard disk;

- threats of access to information in main memory, for example reading residual information from RAM, or access by application programs to the system memory area;

- threats of access to information circulating in communication lines, for example illegal connection to communication lines followed by injection of spurious messages or modification of transmitted messages, or illegal connection to communication lines in order to directly impersonate a legitimate user and then inject disinformation and impose false messages;

- threats of access to information displayed on a terminal or printed on a printer, for example recording the displayed information with a hidden video camera.

The causes of random effects during operation of an AS can be:

· Emergency situations due to natural disasters and power outages;

· Equipment failures and malfunctions;

· Software errors;

· Errors in the work of staff and users;

· Interference in communication lines due to the external environment.

Errors in software are a common type of computer violation. The software of servers, workstations, routers, etc. is written by people, so it almost always contains errors. The more complex such software is, the more likely it is that errors and vulnerabilities will be found in it. Most of them pose no danger, but some can lead to serious consequences, such as an attacker gaining control of a server, a server malfunction, or unauthorized use of resources (using the computer as a springboard for an attack, etc.). Such errors are usually eliminated by service packs regularly released by the software vendor. Timely installation of such packages is a prerequisite for information security.

Intentional threats are associated with the targeted actions of a violator. The violator may be an employee, a visitor, a competitor, a hired person, etc.

5. Unauthorized access (NSD) to information. Methods of unauthorized access

Unauthorized access is the most common and diverse form of computer violation. Its essence is that a user (violator) gains access to an object in violation of the access control rules established in accordance with the organization's security policy. NSD exploits any error in the protection system and is made possible by an irrational choice of protection means or their incorrect installation and configuration. NSD can be carried out using both the standard means of the AS and specially designed hardware and software.

The main channels of unauthorized access through which a violator can reach the components of the AS and carry out the theft, modification and/or destruction of information are:

· Regular channels of access to information, when they are used by violators, or by legitimate users outside their authority;

· Technological control panels;

· Communication lines between the hardware of the AS;

· Spurious electromagnetic emissions from equipment, communication lines, power supply networks, grounding, etc.

Of the variety of methods and techniques of unauthorized access, we will focus on the following common and related violations:

· Interception of passwords;

· “Masquerade”;

· Illegal use of privileges.

Interception of passwords is carried out by specially designed programs. When a legitimate user attempts to log in to the system, the interceptor program simulates on the screen the entry of the user's name and password, which are immediately forwarded to the owner of the interceptor program; after that an error message is displayed on the screen and control is returned to the OS.

"Masquerade" - the performance of actions by one user on behalf of another user who has the corresponding authority. The purpose of a "masquerade" is to attribute actions to another user or to appropriate the authority and privileges of another user. Examples of a "masquerade" are:

· Login to the system under the name and password of another user;

· Sending messages on the network on behalf of another user.

"Masquerade" is especially dangerous in banking electronic payment systems, where incorrect identification of a client because of an attacker's "masquerade" can lead to large losses for the bank's legitimate client.

Illegal use of privileges. Most protection systems establish specific sets of privileges for performing specified functions. Each user receives his own set of privileges: ordinary users the minimum, administrators the maximum. Unauthorized seizure of privileges, for example by means of a "masquerade", allows the offender to perform certain actions bypassing the protection system. It should be noted that illegal seizure of privileges is possible either when there are errors in the protection system or through the negligence of the administrator in managing the system and assigning privileges.

It is considered that, regardless of the specific types of threats or their problem-oriented classification, an AS satisfies the needs of its operators if the following important properties of the information and of its processing systems are ensured: confidentiality, integrity and availability.

In other words, according to the existing approaches, the information security of an AS is considered ensured if certain levels of the following are maintained for the information resources in the system:

· Confidentiality (impossibility of unauthorized receipt of any information);

· Integrity (impossibility of unauthorized or accidental modification);

· Accessibility (the ability to obtain the required information in a reasonable time).

7. Common Criteria

The Common Criteria (CC) are a collection of independent but interrelated parts.

Introduction and general model - defines the overall concept and principles of IT security evaluation, the general evaluation model, and constructs for building IT security objectives, for selecting and defining IT security requirements and for describing high-level specifications for products and systems. In addition, it identifies categories of users and indicates the parts of the CC where their interests in the security evaluation criteria are addressed.

Security functional requirements - establishes a set of functional components as a standard way of expressing the functional requirements for targets of evaluation.

Security assurance requirements - includes assurance components, grouped into families and classes, as well as evaluation assurance levels, which define a ranking by the degree to which requirements are satisfied, and also the evaluation criteria for protection profiles and security targets.

Predefined protection profiles - contain examples of protection profiles, including the functional security requirements and evaluation assurance requirements identified in the source criteria (ITSEC, CTCPEC, FC, TCSEC), as well as requirements not represented in the source criteria.

8. Common Criteria concepts

In accordance with the CC concept, the security requirements of a target of evaluation are divided into two categories: functional requirements and assurance requirements.

The functional requirements of the CC describe the functions of the target of evaluation that provide IT security. For example, functional requirements include requirements for identification, user authentication, logging (audit), etc.

Assurance requirements reflect the quality of the target of evaluation, giving grounds for confidence that the required security measures of the target are implemented correctly and effectively. Assurance is obtained by studying the purpose, structure and operation of the target of evaluation.

In the CC, functional and assurance requirements are presented in the same general style and use the same organization and terminology.

The term class is used for the most general grouping of security requirements. All members of a class share a common intent but differ in the coverage of security objectives.

Members of a class are called families. A family is a grouping of sets of security requirements that ensure the fulfilment of a certain part of the security objectives but may differ in emphasis or rigour.

Members of a family are called components. A component describes a specific set of security requirements - the smallest set of security requirements selectable for inclusion in the structures defined in the CC.

Components are built from elements. An element is the lowest, indivisible level of security requirements, at which their satisfaction is assessed.

The organization of security requirements in the CC into the class-family-component-element hierarchy helps the consumer to correctly identify the components as soon as the security threats to the target of evaluation have been identified.

9. Basic concepts of security policy

Security policy - a set of laws, rules and norms of behaviour that determine how an organization processes, protects and disseminates information. For example, the rules determine when a user has the right to operate with certain data sets; the more reliable the system, the stricter and more diverse the security policy should be. Depending on the formulated policy, specific mechanisms that ensure the security of the system can be chosen. Security policy is an active component of protection, which includes the analysis of possible threats and the choice of countermeasures.

The security policy determines the management strategy in the field of information security, as well as the measure of attention and the amount of resources that management considers appropriate to allocate. The security policy is built on the basis of an analysis of the risks that are recognized as real for the organization's information system.

Once the risk analysis has been carried out and the protection strategy determined, a program is drawn up whose implementation should ensure information security; the procedure for monitoring its execution is determined by that program.

The security policy is usually drawn up in the form of documents, including such sections as description of problems, areas of application, positions of the organization, distribution of roles and responsibilities, sanctions, etc.

Description of the problems. The information circulating within the local network is critical. The local network allows users to share programs and data, which increases the security risk, so every computer on the network needs additional protection. These enhanced security measures are the subject of this document.

Scope. The scope of this policy covers all hardware, software and information resources included in the local network of the enterprise.

Position of the organization. The main objectives are to ensure the integrity, availability and confidentiality of data, as well as their completeness and relevance.

10. Distribution of roles and responsibilities

Heads of divisions are responsible for communicating the provisions of the security policy to users and for contacts with them.

LAN administrators ensure the continuous operation of the network and are responsible for implementing the technical measures necessary to enforce the security policy.

Service administrators are responsible for specific services, and in particular for building their protection in accordance with the general security policy.

Users work with the local network in accordance with the security policy, follow the instructions of the persons responsible for particular aspects of security, and inform management of all suspicious situations.

Sanctions.  Violation of the security policy may expose the local network and the information circulating in it to unacceptable risk. Cases of security breaches by personnel should be promptly reviewed by management for disciplinary action, up to and including dismissal.

Management measures to ensure information security

The main goal of measures taken at the managerial level is the formation of a work program in the field of information security and ensuring its implementation by allocating the necessary resources and implementing regular monitoring of the state of affairs. The basis of this program is a multi-level security policy, reflecting the organization’s integrated approach to protecting its resources and information assets.

From a practical point of view, security policies can be divided into three levels: upper, middle and lower.

The upper level of security policy determines decisions affecting the organization as a whole. These decisions are very general in nature and come, as a rule, from the leadership of the organization.

Such solutions may include the following elements:

* formulation of the goals pursued by the organization in the field of information security, the definition of general directions in achieving these goals;

* formation or revision of a comprehensive program to ensure information security, identifying those responsible for promoting the program;

* providing a material base for compliance with laws and regulations;

* formulation of management decisions on the implementation of the security program, which should be considered at the level of the organization as a whole.

The middle level of security policy addresses issues related to particular aspects of information security that are important for the various systems operated by the organization. Examples of such issues are the attitude towards Internet access (the problem of combining the freedom to receive information with protection against external threats), the use of home computers, etc.

The lower level of security policy refers to specific services. It includes two aspects - goals and rules for achieving them - and is therefore sometimes difficult to separate from implementation issues. Unlike the two upper levels, this policy should be more detailed, i.e. the lower-level security policy must answer, for example, the following questions:

* who has the right to access the objects supported by the service;

* how remote access to the service is organized.

11. Security Policy Structure

Typically, security policies include basic security policies, specialized security policies, and procedural security policies.

The main provisions of an organization’s security policy are described in the following documents:

1. Overview of the security policy - states the purpose of the security policy, describes its structure and sets out in detail who is responsible for what;

2. Description of the basic security policy - defines the allowed and prohibited actions, as well as the necessary controls;

3. Security Architecture Guide - describes the implementation of security mechanisms in a computer architecture used in an organization’s network.

The main component of an organization’s security policy is a basic security policy.

12. Security procedures

Security procedures are a necessary and important addition to security policies. Security policies only describe what should be protected and what are the basic rules of protection. Security procedures determine how to protect resources and what are the mechanisms for enforcing a policy, i.e., how to implement security policies.

Essentially, security procedures are step-by-step instructions for performing operational tasks. Often a procedure is the tool by which a policy is transformed into a real action.

Security procedures detail the actions to be taken when responding to specific events; they provide a quick response in a critical situation and help to eliminate single points of failure.

Many security-related procedures should be standardized in every department. Examples include procedures for backing up and for off-site storage of backup copies, as well as procedures for deactivating a user account and/or archiving the user's login and password, applied as soon as the user leaves the organization.

13. Basic concepts of cryptographic protection of information

A cipher is understood as the set of reversible transformations of a set of plaintext data into a set of encrypted data, defined by a key and a cryptographic transformation algorithm. There are many different cryptographic algorithms; their purpose is information security. The same information is protected from different threats and in different ways. To provide reliable and adequate protection with a cryptoalgorithm, one needs to understand what kinds of cryptoalgorithm exist and which type of algorithm is better suited to solving a specific task.

The main kinds of cryptoalgorithm are symmetric encryption, asymmetric encryption, electronic digital signature and hashing.

Symmetric encryption uses the same key both for encrypting and for decrypting information.

Symmetric encryption is divided into two types: block and stream, although it should be noted that in some classifications they are not separated and stream encryption is considered to be encryption of blocks of unit length.

Block encryption is characterized by the fact that the information is first divided into blocks of fixed length (for example, 64 or 128 bits). In different cryptoalgorithms, or even in different modes of operation of the same algorithm, blocks may be encrypted either independently of one another or "with chaining", i.e. so that the result of encrypting the current data block depends on the value of the previous block or on the result of encrypting the previous block.

Stream encryption is used primarily when the information cannot be divided into blocks: say, there is a data stream each character of which must be encrypted and sent without waiting for enough further data to form a block. Stream encryption algorithms encrypt data bit by bit or character by character.

Asymmetric encryption uses two different keys: a public key for encrypting information and a secret key for decrypting it (see section 15).

Electronic digital signature (EDS) is used to reliably confirm the integrity and authorship of data.

14. Encryption in symmetric cryptosystems

In symmetric cryptoalgorithms the same block of information (the key) is used to encrypt and to decrypt a message. Although the algorithm acting on the transmitted data may be known to unauthorized persons, it depends on a secret key that only the sender and the recipient must possess. Symmetric cryptoalgorithms transform a small block of data (1 bit, or 32-128 bits) depending on the secret key in such a way that the original message can be read only if the secret key is known.

Symmetric cryptosystems make it possible to encode and decode files of arbitrary length based on symmetric cryptoalgorithms.

A characteristic feature of symmetric block cryptoalgorithms is the transformation of a block of input information of fixed length into a result block of the same size, which cannot be read by third parties who do not possess the key.

A cryptographic algorithm is considered ideally strong if, in order to read an encrypted block of data, it is necessary to try all possible keys until the decrypted message becomes meaningful. In the general case the strength of a block cipher depends only on the key length and grows exponentially with it. Ideally strong cryptographic algorithms must satisfy one more important requirement: the key under which a transformation was performed can, given known plaintext and ciphertext block values, be found only by exhaustive search of its values.

15. Asymmetric cryptographic algorithms

Asymmetric encryption is characterized by the use of two kinds of keys: a public key to encrypt information and a secret key to decrypt it. The secret and public keys are related to each other by a rather complicated relationship.

The RSA cryptographic algorithm was proposed in 1978. It became the first public-key algorithm that can work both in data encryption mode and in digital signature mode. The security of the RSA algorithm is based on the difficulty of factoring large numbers.

In an asymmetric RSA cryptosystem, the number of keys used is related to the number of subscribers by a linear relationship (in a system of N users, 2N keys are used), and not quadratic, as in symmetric systems.

It should be noted that the performance of RSA is significantly lower than the performance of DES, and the software and hardware implementation of the RSA cryptoalgorithm is much more complicated than DES. Therefore, the RSA cryptosystem is usually used when transmitting a small volume of messages.

16. Electronic digital signature and hash functions

An electronic digital signature (EDS) is used to reliably confirm the integrity and authorship of data.

Hashing is a cryptographic method that performs a control transformation of information: from data of unlimited size, by means of cryptographic transformations, a hash value of fixed length is computed that corresponds uniquely to the initial data.
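The following textbook RSA implementation is an added example for sections 15 and 16 (written for this page, not taken from the paper or from any library): it shows the two modes the text attributes to RSA, data encryption and digital signature, and how an EDS binds a fixed-length hash of the data to the signer's private key so that both integrity and authorship can be checked with the public key. The primes, exponents and messages are small constructed values chosen for readability; real RSA uses moduli of 2048 bits or more together with padding schemes such as OAEP and PSS, which this toy omits.

```python
"""Textbook RSA for encryption and digital signature (added example, not from the page).

Illustrates the two modes the text attributes to RSA and the way an EDS binds a
fixed-length hash of the data to the signer's secret key. Primes, exponent and
messages are small constructed values for readability; real RSA uses 2048-bit
moduli and padding schemes such as OAEP and PSS, which this toy omits.
"""
import hashlib
from math import gcd


def _is_prime(n: int) -> bool:
    # Trial division; adequate only for the small teaching primes used here
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def make_keypair(p: int, q: int, e: int):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    if not (_is_prime(p) and _is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e * d = 1 (mod phi)
    return (e, n), (d, n)


def encrypt(public_key, m: int) -> int:
    """Encryption mode: anyone with the public key can encrypt a block m < n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message block must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Only the holder of the private exponent recovers m."""
    d, n = private_key
    return pow(c, d, n)


def _hash_to_int(data: bytes, n: int) -> int:
    # Hashing: data of any size -> fixed-length digest, reduced mod n to fit the toy modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data: bytes) -> int:
    """EDS: the signer applies the private exponent to the hash of the data."""
    d, n = private_key
    return pow(_hash_to_int(data, n), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """Anyone with the public key checks integrity and authorship of the data."""
    e, n = public_key
    return pow(signature, e, n) == _hash_to_int(data, n)


def keys_needed(users: int) -> tuple:
    """Keys for N users: (asymmetric system, symmetric system with one key per pair)."""
    return 2 * users, users * (users - 1) // 2
```

Signing the hash rather than the data itself is what lets a signature of fixed size cover a message of any length, which is the role of the hash function described in this section; a single changed byte in the data changes the digest and the verification fails.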

The hashing algorithm can be described as follows.

Step 1. Initialize the hash value register. If the message length does not exceed 256 bits, go to step 3; if it does, go to step 2.

Step 2. Iteratively compute 256-bit hash values of the blocks of hashed data, using the hash value of the previous block stored in the register. The computation includes the following actions:

* generation of encryption keys from the block of hashed data;

* encryption of the hash value stored in the register, in the form of four 64-bit blocks, with the GOST 28147-89 algorithm in simple replacement mode;

* mixing of the result.

The computation continues until the length of the unprocessed input data is less than or equal to 256 bits; then go to step 3.

Step 3. Pad the unprocessed part of the message with zero bits up to 256 bits. The hash value is computed as in step 2. As a result, the desired hash value is left in the register.
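The skeleton below is an added example (written for this page, not the paper's or the standard's code) of the block-iterative structure that steps 1-3 describe: a 256-bit register, a loop over full 256-bit blocks, and a final block padded with zero bits. The step function is deliberately a placeholder built from SHA-256, because the real step of GOST R 34.11-94 (key generation from the block, GOST 28147-89 encryption of the register and the mixing transformation) is far longer than fits here; the initial register value is a constructed choice. The second function goes beyond the text to show why practical designs, GOST R 34.11-94 among them, finish by hashing the message length: with zero padding alone, two messages that differ only in trailing zero bytes collide.

```python
"""Block-iterative hash skeleton following steps 1-3 above (added example, not from the page).

The 256-bit register, the block loop of step 2 and the zero-padding of step 3 are
as the text describes. The step function `_step` is a PLACEHOLDER built from
SHA-256; the real GOST R 34.11-94 step encrypts the register with GOST 28147-89
in simple replacement mode and mixes the result. INITIAL_REGISTER is constructed.
"""
import hashlib

BLOCK_BYTES = 32                       # 256 bits
INITIAL_REGISTER = bytes(BLOCK_BYTES)  # step 1: register initialisation (constructed: all zeros)


def _step(register: bytes, block: bytes) -> bytes:
    """Placeholder for the step function H_i = f(H_{i-1}, M_i); returns a new 256-bit register."""
    if len(register) != BLOCK_BYTES or len(block) != BLOCK_BYTES:
        raise ValueError("register and block must be 256 bits")
    return hashlib.sha256(register + block).digest()


def iterative_hash(message: bytes) -> bytes:
    """Steps 1-3 exactly as described: chain full blocks, zero-pad the remainder."""
    register = INITIAL_REGISTER                       # step 1
    remaining = message
    while len(remaining) > BLOCK_BYTES:               # step 2: while more than 256 bits remain
        register = _step(register, remaining[:BLOCK_BYTES])
        remaining = remaining[BLOCK_BYTES:]
    last = remaining.ljust(BLOCK_BYTES, b"\x00")      # step 3: pad with zero bits to 256 bits
    return _step(register, last)


def iterative_hash_with_length(message: bytes) -> bytes:
    """Same chain, then one extra step over a block holding the message length in bits.

    With zero padding alone, a message and the same message followed by zero bytes
    produce the identical padded last block and therefore the same hash; including
    the length in the final step removes that ambiguity.
    """
    register = iterative_hash(message)
    length_block = (len(message) * 8).to_bytes(BLOCK_BYTES, "big")
    return _step(register, length_block)


def blocks_processed(message_len: int) -> int:
    """Number of step-function calls for a message of message_len bytes (at least one)."""
    return max(1, -(-message_len // BLOCK_BYTES))
```

A practitioner checking a hash design against this description should look for exactly this finalisation: a fixed-length digest that depends only on the padded blocks, and not on how long the original data was, cannot "correspond uniquely to the initial data" as the definition above requires.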

17. Authentication, authorization and administration of user actions

A subject's identifier is some piece of information that uniquely identifies it. It may be a number or a string of characters that names the subject.

Identification is the procedure of recognizing a user by his identifier (name). This function is performed when the user attempts to enter the network.

Authentication is the procedure of verifying the identity claimed by a user, process or device. This check makes it possible to establish reliably that the user (process or device) is exactly who it claims to be.

Identification and authentication are interrelated processes of recognizing and verifying subjects (users). The system's subsequent decision depends on them: whether a particular user or process may be allowed access to system resources. After a subject has been identified and authenticated, it is authorized.

Authorization is the procedure of granting a subject certain powers and resources in the given system. In other words, authorization establishes the subject's scope of action and the resources available to it. If the system cannot reliably distinguish an authorized person from an unauthorized one, the confidentiality and integrity of the information in that system may be violated.

Administration is the recording of the user's actions in the network, including his attempts to access resources.

Depending on the kind of evidence the subject presents, authentication processes can be divided into those based on:

* knowledge of something. Examples are a password, a personal identification number (PIN), and secret and public keys;

* possession of something. These are usually magnetic cards, smart cards, certificates and hardware devices;

* inherent characteristics. This category covers methods based on checking the user's biometric characteristics (voice, iris and retina, fingerprints, palm geometry, etc.).

18. Password-based authentication

The basic principle of single sign-on is that a single user authentication procedure is sufficient for access to all network resources. Therefore modern operating systems provide a centralized authentication service, performed by one of the network servers and backed by a database (DB). This database stores the credentials of network users, including user IDs and passwords, as well as other information.

The procedure of simple user authentication in a network can be described as follows. When attempting to log on to the network, the user enters his ID and password. This data is sent to the authentication server for processing. In the database stored on the authentication server the entry corresponding to the user ID is located; the password is extracted from it and compared with the password entered by the user. If they match, authentication succeeds: the user obtains legal status and receives the rights and network resources that the authorization system defines for that status.

Authentication schemes based on traditional reusable passwords are not secure enough. Such passwords can be intercepted, guessed, observed or simply stolen. Authentication procedures based on one-time passwords are more reliable.

The essence of the one-time password scheme is that a different password is used for each new access request. A one-time dynamic password is valid for a single login only, after which it expires; even if it is intercepted, it is useless. The dynamic password mechanism is one of the best ways to protect the authentication process from external threats. One-time password authentication systems are typically used to verify remote users.

One-time passwords can be generated by hardware or software.
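The model below is an added example for sections 17 and 18 (written for this page; it is not the code of any operating system or authentication product). It walks through identification (look-up of the record by user ID), authentication (password check), authorization (rights derived from the user's status) and administration (a journal of every access attempt), then adds the one-time password mode using the HOTP counter scheme of RFC 4226. One practitioner's change to the plain procedure in the text: instead of storing and comparing the password itself, the record holds a salted PBKDF2 verifier and the comparison is constant-time, so a copy of the database does not directly yield reusable passwords. User names, statuses, rights and the iteration count are constructed for the example; the HOTP secret in the test is the RFC 4226 reference secret.

```python
"""Simple authentication server model (added example, not from the page or any OS).

Identification, authentication, authorization and administration of user actions,
plus a one-time password mode (HOTP, RFC 4226). RIGHTS, user names and ITERATIONS
are constructed values.
"""
import hashlib
import hmac
import os
import struct

# Authorization system: the rights attached to each status (constructed)
RIGHTS = {
    "user": frozenset({"read-shared", "print"}),
    "admin": frozenset({"read-shared", "print", "manage-accounts"}),
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value per RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class AuthServer:
    ITERATIONS = 50_000   # PBKDF2 work factor (constructed; tune to the server's capacity)

    def __init__(self):
        self._db = {}        # credential database, keyed by user ID
        self.journal = []    # administration: every attempt, successful or not

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, AuthServer.ITERATIONS)

    def register(self, user_id: str, password: str, status: str, otp_secret: bytes = None):
        salt = os.urandom(16)
        self._db[user_id] = {
            "salt": salt,
            "verifier": self._derive(password, salt),   # never the password itself
            "status": status,
            "otp_secret": otp_secret,
            "otp_counter": 0,                           # next counter value expected
        }

    def _identify(self, user_id: str):
        # Identification: find the record for the presented ID
        record = self._db.get(user_id)
        if record is None:
            self.journal.append((user_id, "unknown-id"))
        return record

    def login(self, user_id: str, password: str):
        """Reusable-password procedure: returns the rights set (authorization) or None."""
        record = self._identify(user_id)
        if record is None:
            return None
        ok = hmac.compare_digest(self._derive(password, record["salt"]), record["verifier"])
        self.journal.append((user_id, "password-ok" if ok else "password-fail"))
        return RIGHTS[record["status"]] if ok else None

    def login_otp(self, user_id: str, code: str, window: int = 3):
        """One-time password procedure: each counter value is accepted at most once."""
        record = self._identify(user_id)
        if record is None or record["otp_secret"] is None:
            return None
        start = record["otp_counter"]
        for counter in range(start, start + window):   # tolerate a few skipped codes
            if hmac.compare_digest(hotp(record["otp_secret"], counter), code):
                record["otp_counter"] = counter + 1     # this and earlier codes now expire
                self.journal.append((user_id, "otp-ok"))
                return RIGHTS[record["status"]]
        self.journal.append((user_id, "otp-fail"))
        return None
```

Replaying a captured one-time code fails because the server's counter has already moved past it, which is the property the text describes ("even if it is intercepted, it will be useless"); the journal is what the administration function in section 17 needs in order to notice repeated failures against one account.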

19. OS security threats

OS security threats can be classified according to various aspects of their implementation.

1. By the purpose of the attack:

* unauthorized reading of information;

* unauthorized modification of information;

* unauthorized destruction of information;

* full or partial destruction of the OS.

2. By the principle of impact on the operating system:

* use of known (legitimate) channels for obtaining information; for example, the threat of unauthorized reading of a file whose access rights are defined incorrectly, that is, access is granted to a user who, according to the security policy, should be denied it;

* use of covert channels of information; for example, malicious use of undocumented OS features;

* creation of new channels for obtaining information by means of software implants ("program bookmarks").

3. By the type of security vulnerability used by the attacker:

* an inadequate security policy, including system administrator errors;

* errors and undocumented features of the OS software, including so-called hatches (trapdoors): "service entrances" built into the system accidentally or intentionally that allow the protection system to be bypassed;

* a previously installed software implant.

4. By the nature of the impact on the operating system:

* active impact: unauthorized actions by the attacker in the system;

* passive impact: unauthorized observation by the attacker of the processes occurring in the system.

Threats to the security of the OS can also be classified according to such features as: the way in which the attacker acted, the means of attack used, the object of attack, the method of influence on the object of attack, the state of the OS object attacked at the time of the attack.

The OS may be subject to the following typical attacks:

* file system scanning. The attacker scans the computer's file system and tries to read (or copy) every file in turn. Sooner or later at least one administrator error is found, and as a result the attacker gains access to information that should have been forbidden to him;

* password guessing. There are several methods of guessing user passwords:

exhaustive search;

exhaustive search optimized by the statistics of character occurrence or by the use of dictionaries;

guessing the password from knowledge about the user (his name, surname, date of birth, telephone number, etc.);

* theft of key information. The attacker may watch the password being typed by the user, or recover it from the movements of the user's hands on the keyboard. A carrier of key information (a smart card) can simply be stolen;

* garbage collection. In many operating systems information deleted by the user is not physically destroyed but merely marked as deleted (so-called garbage). The attacker recovers this information, examines it and copies the fragments of interest;

* abuse of authority. Using errors in the OS software or in the security policy, the attacker obtains powers greater than those granted to him by the security policy. This is usually achieved by running a program on behalf of another user;

* software implants. Software implants ("program bookmarks") embedded in the OS do not differ significantly from other classes of software implants;

* greedy programs: programs that deliberately seize a significant share of the computer's resources, so that other programs cannot run or run extremely slowly. Running a greedy program can crash the OS.

20. The concept of a secure OS

An operating system is called secure if it provides means of protection against the main classes of threats. A secure operating system must contain means of restricting users' access to its resources, as well as means of authenticating the user who starts working with it. In addition, a secure OS must contain means of countering accidental or intentional disabling of the OS.

If the OS provides protection not against all main classes of threats but only against some of them, such an OS is called partially secure.

Approaches to building a secure OS

There are two main approaches to creating secure operating systems: fragmentary and integrated. With the fragmentary approach, protection against one threat is organized first, then against another, and so on. An example of the fragmentary approach is the situation where an unprotected OS is taken as a basis and an anti-virus package, an encryption system, a system for recording user actions, etc. are installed on top of it.

With the fragmentary approach, the OS protection subsystem is a collection of disparate software products, usually from different vendors. These tools operate independently of each other, and it is practically impossible to organize close interaction between them. Moreover, individual elements of such a protection subsystem may work incorrectly in each other's presence, which sharply reduces the reliability of the system.

With the integrated approach, the protective functions are introduced into the OS at the stage of designing its architecture and form an integral part of it. The individual elements of a protection subsystem built this way interact closely with one another when solving the various tasks of information protection, so conflicts between its components are practically impossible. As a rule, a protection subsystem built with the integrated approach is designed so that its individual elements are replaceable: the corresponding software modules can be substituted by others.

21. The main functions of the OS security subsystem

The OS protection subsystem performs the following main functions.

1. Identification and authentication. No user can start working with the OS without identifying himself or providing the system with authentication information confirming that the user really is who he claims to be.

2. Access control. Each user of the system has access only to those objects of the OS to which he has been granted access in accordance with the current security policy.

3. Audit. The OS records in a special log the events that are potentially dangerous to the security of the system.

4. Security policy management. The security policy must be kept adequate at all times, that is, it must respond flexibly to changes in the operating conditions of the OS. The security policy is managed by system administrators using the appropriate tools built into the OS.

5. Cryptographic functions. Information security is unthinkable without cryptographic protection tools. Encryption is used in the OS when storing, and when transmitting over communication channels, user passwords and other data critical to the security of the system.

6. Network functions. Modern operating systems, as a rule, do not work in isolation, but as part of local and / or global computer networks. The operating systems of computers on the same network interact with each other to solve various tasks, including tasks that are directly related to information security.

22. Access control to OS objects

The basic concepts of access control to OS objects are the access object, the method of access to the object, and the access subject.

An access object (or simply an object) is any element of the OS, access to which by users and other access subjects can be arbitrarily restricted. The possibility of accessing OS objects is determined not only by the OS architecture but also by the current security policy. Access objects include both hardware and software resources, i.e. everything to which access is controlled.

An access method to an object is an operation defined for that object. The kind of operation depends on the object. For example, a processor can only execute instructions, memory segments can be written and read, a magnetic card reader can only be read from, and access to a file may be defined as read, write and append.

An access subject is any entity capable of initiating operations on objects (accessing objects by some access method). It is usually assumed that the set of access subjects and the set of access objects do not overlap. Sometimes the processes running in the system are counted among the access subjects. However, it is more logical to consider the access subject to be the user on whose behalf the process runs. Naturally, the access subject here means not the physical user working at the computer but the "logical" user on whose behalf the OS processes are executed.

Thus, the access object is what is being accessed, the subject of access is the one who accesses, and the access method is how the access is performed.

23. Audit

The audit procedure, as applied to the OS, consists in recording in a special log, called the audit log or security log, the events that may be dangerous to the OS. Users of the system who have the right to read the audit log are called auditors.

Among the events that may pose a danger to the OS are usually the following:

* login or logout;

* file operations (open, close, rename, delete);

* access to a remote system;

* change of privileges or other security attributes.

Audit requirements. The OS audit subsystem must meet the following requirements.

1. Only the OS can add entries to the audit log.

2. No subject of access, including the OS itself, can edit or delete individual entries in the audit log.

3. Only users with the corresponding privilege can view the audit log.

4. Only auditors can clear the audit log. After the log is cleared, an entry is automatically written to it stating that the audit log has been cleared, with the time of clearing and the name of the user who cleared it. The OS must support saving the audit log to another file before clearing it.

5. When the OS audit log is full, the OS crashes (hangs). After a reboot, only auditors can work with the system. The OS returns to normal operation only after the audit log has been cleared.

Audit policy is the set of rules that determine which events must be recorded in the audit log. To ensure reliable OS protection, the following events must be recorded in the audit log:

* attempts to log in / out users from the system;
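The model below is an added example (written for this page; it is not the audit subsystem of any operating system) of a log that meets requirements 1-5 above. Entries are written only through an OS-side entry point, each entry is chained to its predecessor by a hash so that editing or deleting an individual entry is at least detectable by the auditors, reading needs a privilege, clearing needs the auditor role and automatically leaves a record with the time and the user, the old log is saved before clearing, and a full log puts the system into a state in which only auditors can work. Privilege names, users, events and the clock are constructed for the example.

```python
"""Audit log model meeting requirements 1-5 above (added example, not from the page or any OS).

READ_AUDIT, AUDITOR, the users and the events are constructed values.
"""
import copy
import hashlib
import json
import time

READ_AUDIT = "read-audit"   # privilege to view the log (constructed name)
AUDITOR = "auditor"         # role allowed to clear the log (constructed name)
GENESIS = "0" * 64          # "previous hash" of the very first entry


def _entry_hash(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True, default=str).encode()).hexdigest()


def verify_chain(entries: list) -> bool:
    """True if every entry's hash is intact and links to its predecessor."""
    prev = GENESIS
    for seq, entry in enumerate(entries):
        if entry["seq"] != seq or entry["prev"] != prev or _entry_hash(entry) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


class AuditLog:
    def __init__(self, capacity: int, privileges: dict, clock=time.time):
        self.capacity = capacity
        self._privileges = privileges   # user -> set of privileges/roles
        self._clock = clock
        self._entries = []
        self.archive = []               # copies saved before each clearing (requirement 4)
        self.halted = False             # requirement 5: a full log stops normal work

    def _append(self, event: str, actor: str, **details):
        # Requirement 1: the only writers are the OS-side paths os_event() and clear()
        entry = {
            "seq": len(self._entries),
            "time": self._clock(),
            "actor": actor,
            "event": event,
            "details": details,
            "prev": self._entries[-1]["hash"] if self._entries else GENESIS,
        }
        entry["hash"] = _entry_hash(entry)   # requirement 2: an edit or deletion breaks the chain
        self._entries.append(entry)
        if len(self._entries) >= self.capacity:
            self.halted = True

    def os_event(self, event: str, actor: str, **details):
        """Called by the OS when a potentially dangerous event occurs."""
        self._append(event, actor, **details)

    def can_work(self, user: str) -> bool:
        """Requirement 5: after the log fills up only auditors may use the system."""
        return not self.halted or AUDITOR in self._privileges.get(user, set())

    def read(self, user: str) -> list:
        """Requirement 3: viewing needs the read privilege; returns copies, never the live list."""
        if READ_AUDIT not in self._privileges.get(user, set()):
            raise PermissionError("%s may not read the audit log" % user)
        return copy.deepcopy(self._entries)

    def clear(self, user: str):
        """Requirement 4: only an auditor clears; the old log is saved and the act is recorded."""
        if AUDITOR not in self._privileges.get(user, set()):
            raise PermissionError("%s is not an auditor" % user)
        self.archive.append(copy.deepcopy(self._entries))
        self._entries = []
        self.halted = False
        self._append("audit-log-cleared", user, cleared_at=self._clock())

    def verify(self) -> bool:
        return verify_chain(self._entries)
```

The hash chain does not prevent a privileged process from rewriting the log file; it makes such tampering visible to an auditor who re-verifies the chain, which is the practical meaning of requirement 2 on systems where the OS itself is the only writer. Archiving before clearing is what keeps the "cleared" record meaningful: the auditor can still see what was in the log that was cleared.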


Personal computers, control systems and networks based on them are rapidly entering all areas of human activity (military, commercial, banking, research, etc.). With the wide use of computers and computer networks for processing, storing and transmitting information, it is necessary to reliably protect it from access by unauthorized persons, from loss and from distortion. According to statistics, more than 80% of companies suffer financial losses due to breaches of the integrity and confidentiality of the data they use.

In addition to information constituting a state or commercial secret, there is information that is intellectual property. Such information may include the results of scientific research, programs that ensure the functioning of a computer, game programs, audio and video clips. The cost of such information in the world is several trillion dollars a year. Its unauthorized copying reduces the income of companies and authors involved in its development.

The increasing complexity of the methods and means of organizing machine processing and the widespread use of the global Internet cause information to become increasingly vulnerable. This is facilitated by such factors as ever-increasing volumes of data being processed, the accumulation and storage of data in limited places, the constant expansion of the circle of users who have access to resources, programs and data, an insufficient level of protection of hardware and software of computers and communication systems, etc.

Considering all these factors, the protection of information in the process of its collection, storage and transmission becomes extremely important.

Basic concepts of information security.

Let us consider a number of definitions used in describing the means and methods of information protection in automated processing systems built on computer technology.

A computer system (CS) is an organizational and technical system consisting of the following components:

Technical means of processing and transmitting data;

Methods and algorithms of processing, in the form of the corresponding software;

Data (information on various media and information being processed);

Users (people who use the CS to meet their information needs);

Objects (any element of the CS, access to which can be arbitrarily restricted);

Subjects (any entity capable of initiating operations on an object: users, processes).

Information security is the state of a CS in which it is able to withstand the destabilizing effects of external and internal information threats without itself creating such threats to the elements of the CS or to the external environment.

Confidentiality of information is the property of information to be accessible only to a limited circle of end users and other access subjects who have passed the appropriate verification and are permitted to use it.

Integrity of information is its property to preserve its structure and content during storage, use and transfer.

Reliability of information is the property expressed in the strict belonging of information to the subject that is its source.

Access to information is the ability of a subject to carry out certain actions on information.

Authorized access to information is access that follows the access control rules for that information.

Unauthorized access to information (NSD) is access that violates the rules governing the subject's access to information, using the standard means (software or hardware) provided by the CS.

Access control rules regulate the subject's access rights to a specific component of the system.

Identification is obtaining from the access subject information that allows it to be singled out from the set of subjects (a name, a serial or account number, etc.).

Authentication is obtaining from the subject information confirming that the identified subject is who it claims to be (a password, biometric parameters, etc.).

A threat to the information security of a CS is the possibility of an impact on the information processed by the CS with the aim of distorting, destroying, copying or blocking it, as well as the possibility of an impact on the components of the CS that leads to a failure of their operation.

A vulnerability of a CS is any characteristic that may lead to the realization of a threat.

An attack on a CS is an action taken by an attacker to find a vulnerability of the CS and obtain unauthorized access to information.

A safe or secure CS is a CS equipped with protective measures to counter security threats.

A set of protection means is a set of hardware and software tools that ensure information security.

A security policy is a set of rules and regulations governing the operation of the protection means against a given set of threats.

The discretionary model of access control is a way of restricting subjects' access to objects in which access rights are defined by a list of the subject's rights to each object. This model is implemented as a matrix whose rows are subjects and whose columns are objects; the matrix elements describe the set of access rights.

The mandatory model of access control is a way of restricting subjects' access to objects in which each object is assigned a secrecy level and each subject is assigned a level of trust. A subject may gain access to an object if its level of trust is not lower than the secrecy level of the object.
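The following is an added example (written for this page, not code from the paper or from any operating system) of the two access control models just defined, using the access object, access method and access subject terms from the section on access control to OS objects. The discretionary part is a matrix with subjects as rows and objects as columns whose cells hold sets of access methods; the mandatory part compares a subject's level of trust with an object's secrecy level exactly as the text states; a reference monitor requires both checks to pass. Subject and object names, the level names and the rights are constructed.

```python
"""Discretionary access matrix and mandatory level check (added example, not from the page).

Level names, subjects, objects and rights are constructed values.
"""
from enum import IntEnum


class Level(IntEnum):
    """Secrecy levels for objects and trust (clearance) levels for subjects (constructed)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class AccessMatrix:
    """Discretionary model: _rights[subject][object] is the set of allowed access methods."""

    def __init__(self):
        self._rights = {}

    def grant(self, subject: str, obj: str, *methods: str):
        self._rights.setdefault(subject, {}).setdefault(obj, set()).update(methods)

    def revoke(self, subject: str, obj: str, *methods: str):
        cell = self._rights.get(subject, {}).get(obj)
        if cell:
            cell.difference_update(methods)

    def allowed(self, subject: str, obj: str, method: str) -> bool:
        return method in self._rights.get(subject, {}).get(obj, set())

    def rights_of(self, subject: str, obj: str) -> frozenset:
        return frozenset(self._rights.get(subject, {}).get(obj, set()))


def mandatory_allowed(trust_level: Level, secrecy_level: Level) -> bool:
    """Mandatory model as stated in the text: access if trust is not lower than secrecy."""
    return trust_level >= secrecy_level


class ReferenceMonitor:
    """Mediates every (subject, object, method) request against both models."""

    def __init__(self, matrix: AccessMatrix, trust: dict, secrecy: dict):
        self.matrix = matrix
        self.trust = trust        # subject -> Level
        self.secrecy = secrecy    # object -> Level

    def check(self, subject: str, obj: str, method: str) -> bool:
        if subject not in self.trust or obj not in self.secrecy:
            return False                    # unknown subject or object: deny by default
        return (self.matrix.allowed(subject, obj, method)
                and mandatory_allowed(self.trust[subject], self.secrecy[obj]))
```

Note that the matrix alone would let "bob" read the SECRET object once an administrator grants it; the mandatory check is what keeps a discretionary mistake from leaking information across secrecy levels. The rule given in the text is the read rule; fuller mandatory models such as Bell-LaPadula also restrict writing information to a lower level, which this example does not implement.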

Information security is understood as the state of protection of processed, stored and transmitted data from unlawful acquaintance, transformation and destruction, as well as the state of protection of information resources from impacts aimed at disrupting their operation.

The nature of these impacts can be very diverse. They include intrusion attempts, personnel errors, hardware and software failures, and natural disasters (earthquake, hurricane, fire, etc.). The main security threats in corporate computer networks are analyzed in detail in Section 2.

The information security of computer systems and networks is achieved by adopting a set of measures that ensure the confidentiality, integrity, reliability and legal value of information and prompt access to it, as well as the integrity and availability of the information resources and components of the system or network. The basic properties of information just listed need a fuller interpretation.

Confidentiality of information is its property to be accessible only to a limited circle of users of the information system in which this information circulates. In essence, confidentiality of information is its property to be known only to authorized and verified subjects of the system (users, processes, programs). To the remaining subjects of the system the information should be unknown.

Integrity of information is its property to preserve its structure and/or content during transfer and storage. Integrity of information is ensured if the data in the system does not differ semantically from the data in the source documents, that is, if no accidental or intentional distortion or destruction of it has occurred.

Reliability of information is the property expressed in the strict belonging of information to the subject that is its source, or to the subject from which it was received.

Legal value of information means that the document that carries the information has legal force.

Access to information means becoming acquainted with information and processing it, in particular copying, modifying or destroying it. Access to information may be authorized or unauthorized. Authorized access to information does not violate the established access control rules.

Unauthorized access is characterized by a violation of the established access control rules. A person or process carrying out unauthorized access to information violates those access control rules. Unauthorized access is the most common kind of computer violation.

Access control rules serve to regulate the rights of access to system components.

Prompt access to information is the ability of information or of some information resource to be available to the end user in accordance with his operational needs.

Integrity of a resource or system component is its property to remain semantically unchanged while the system operates under conditions of accidental or deliberate distortion or destructive influences.

Availability of a resource or system component is its property to be available to the legitimate users of the system. The group of concepts identification, authentication and authorization is associated with access to the information and resources of the system.

Each object of the system (network) is associated with some information (a number, a character string) that identifies the object. This information is the identifier of the system (network) object. An object with a registered identifier is considered legitimate (legal).

Object identification is the procedure of recognizing an object by its identifier. It is executed when the object attempts to enter the system (network).

The next stage of the interaction of the system with the object is authentication. Object authentication is the verification of the authenticity of the object with the given identifier. The authentication procedure establishes whether the object is exactly what it declared itself to be.

After the object has been identified and authenticated, authorization is performed.

Object authorization is the procedure of granting a legitimate object that has successfully passed identification and authentication the corresponding powers and the available resources of the system (network).

A security threat to a system (network) is understood as possible impacts that are directly or indirectly detrimental to its security. Security damage implies a violation of the state of protection of the information contained in and processed by the system (network).

The concept of computer system (network) vulnerability is closely related to the concept of a security threat. A system (network) vulnerability is any characteristic of the computer system whose use may lead to the realization of a threat.

An attack on a computer system (network) is an action taken by an attacker in order to find and use a particular vulnerability of the system. Thus an attack is the realization of a security threat.

Countering security threats is the goal that the protection means of computer systems and networks are designed to achieve. A safe or secure system is a system with protection means that successfully and effectively counter security threats.

A complex of protection means is the set of software and hardware protection tools of the network. The complex of protection means is created and maintained in accordance with the information security policy of the system adopted by the organization.

A security policy is a set of rules, regulations and practical recommendations governing the operation of the protection means of a computer system (network) against a given set of security threats.

Corporate networks are distributed computer systems that perform automated information processing. The problem of ensuring information security is central to such computer systems. Securing a corporate network involves countering any unauthorized intrusion into the corporate network, as well as attempts to modify, steal, disable or destroy its components, that is, protecting all components of the corporate network (hardware, software, data and personnel).

There are two approaches to the problem of ensuring the security of a corporate network: the "fragmentary" approach and the complex (integrated) approach.

The "fragmentary" approach is aimed at countering well-defined threats under given conditions. Examples of this approach are separate access control tools, standalone encryption tools, specialized anti-virus programs, etc. The advantage of this approach is its high selectivity with respect to a specific threat. Its significant drawback is the lack of a unified secure information processing environment. Fragmentary information protection measures protect specific objects of the corporate network only from a specific threat; even a slight modification of the threat leads to a loss of protection effectiveness.

The complex (integrated) approach is focused on creating a secure information processing environment in the corporate network that brings heterogeneous countermeasures to threats together into a single whole. Organizing a protected information processing environment makes it possible to guarantee a certain level of corporate network security, which is an undoubted advantage of the integrated approach. Its disadvantages include restrictions on the freedom of action of corporate network users, sensitivity to errors in installing and configuring the protection tools, and complexity of management.

The integrated approach is used to protect the corporate networks of large organizations, as well as small corporate networks that perform critical tasks or process sensitive information. A breach of information security in the corporate network of a large organization can cause enormous material damage both to the organization and to its customers. Therefore such organizations are forced to pay special attention to security guarantees and to implement comprehensive protection. The integrated approach is followed by the majority of state and large commercial enterprises and institutions, and it is reflected in various standards.

A comprehensive approach to security is based on a security policy developed for the specific corporate network.

Definition and purpose of information security.

In conversations with data protection specialists, it is often found that the views and terminology in this relatively new field sometimes differ almost to the opposite. With the direct question of defining information security, one can hear such multi-level terms as “data protection”, “control of use”, “fight against hackers”, etc.

Meanwhile, there are established definitions of information security itself and of the circle of concepts adjacent to it. Sometimes they differ between specialists (or schools). It happens that the definitions simply use synonyms, and sometimes even whole groups of concepts are interchanged. Therefore it is necessary first to define clearly what will be discussed in this article. Although both authors received their education in the field of information security completely independently of each other, their definitions and concepts almost coincide, so it was decided to use this particular approach. For the whole area of knowledge covered by this book, the term "information security" will be used. Sometimes, especially in the classifications of foreign employment agencies, "information security" is considered one of the subsections of general security, alongside such concepts as "computer security", "network security", "telecommunications security" and "data security".

In our opinion, the concept of "information security" is broader, as it covers everything that interacts with information, and all of the above concepts are subsections or specific areas of information security.

Information security is a set of measures that ensures the following factors for the information it covers:

  • confidentiality - the opportunity to become acquainted with information (the data or information that carries the semantic load, not the sequence of bits representing it) is available only to those persons who hold the relevant powers;
  • integrity - the ability to make changes to information (again, in its semantic expression) belongs only to those who are authorized to do so;
  • availability - authorized persons can obtain authorized access to information within the period of time authorized for work.

Sometimes one meets definitions of the listed factors in the opposite form, for example, disclosure, modification (change or distortion), and destruction or blocking. The main thing is not to distort the meaning inherent in these definitions.

This is not a complete list of factors; these three concepts are singled out because they appear in almost all definitions of information security and do not cause controversy. In our opinion, it is necessary to include additional factors and to understand the difference between them, namely:

  • accounting, that is, all significant actions performed by a person within the framework controlled by the security system (even if they do not go beyond the rules defined for that person) should be recorded and analyzed;
  • non-repudiation or appealability (typical of organizations in which electronic documents of legal, financial or other significance are exchanged), i.e. the person who sent information to another person cannot renounce the fact of sending it, and the person who received the information cannot deny the fact of its receipt.

The difference between these two factors, perhaps not immediately apparent, is as follows. Accounting is usually carried out by means of electronic logbooks, which are used primarily by authorized services, and its main difference is in the regularity of analysis of these journals. Appealability is provided by means of cryptography (electronic digital signature), and its characteristic feature is the possibility of using it as evidence in external instances, for example, in court, subject to the availability of relevant legislation.

Information security mechanisms

The listed objective factors or goals of information security are provided using the following mechanisms or principles:

  • policy - a set of formal (officially approved or traditionally established) rules that regulate the functioning of the information security mechanism;
  • identification - the definition (recognition) of each participant in the process of information interaction before any concepts of information security are applied to him;
  • authentication - ensuring confidence that the participant in the process of information exchange is identified correctly, i.e., is really the one whose identifier he presented;
  • access control - the creation and maintenance of a set of rules that determine the permission to access resources and the level of this access for each participant in the information exchange process;
  • authorization - formation of a rights profile for a specific participant in the information exchange process (authenticated or anonymous) from the set of access control rules;
  • auditing and monitoring - regular tracking of events occurring in the process of information exchange, with registration and analysis of predefined significant or suspicious events. The concepts of "audit" and "monitoring" are somewhat different, since the first involves the analysis of events after the fact, and the second is close to real-time;
  • incident response - a set of procedures or activities that are carried out in case of violation or suspicion of a breach of information security;
  • configuration management - creating and maintaining the functioning of the information exchange environment in working condition and in accordance with the requirements of information security;
  • user management - ensuring the working conditions of users in the information exchange environment in accordance with the requirements of information security. Here users are understood as everyone who uses this information environment, including administrators;
  • risk management - ensuring that the strength of the protective measures (that is, the cost of building them) is commensurate with the possible losses from a violation of information security;
  • ensuring sustainability - maintaining the information exchange environment in at least the minimum acceptable working condition, and in compliance with the requirements of information security, under destructive external or internal influences.

Thus, we have listed the means by which the information security goals defined above are achieved (in some sources the described principles, for example authentication, are carried over to the goals). In our opinion, authentication alone cannot be a goal of information security. It is merely a method of determining a participant in an information exchange in order to decide, for example, which policy regarding confidentiality or availability should be applied to that participant.
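The chain of mechanisms just listed (identification by the identifier presented, authentication by password, formation of a rights profile from the access control rules, and accounting in an electronic logbook that is afterwards audited) can be shown as a small working model. The Python code below is an added example and is not part of the original text; the roles, the objects ("report", "payroll"), the accounts and the access rules in it are constructed for illustration, and passwords are kept only in derived (PBKDF2-hashed) form rather than in clear text.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Access control rules: for each role, the set of allowed actions on each object.
# Constructed sample policy; "report" and "payroll" are hypothetical objects.
ACCESS_RULES = {
    "user":  {"report": {"read"}},
    "admin": {"report": {"read", "write"}, "payroll": {"read", "write"}},
}

PBKDF2_ROUNDS = 50_000


@dataclass
class Account:
    login: str        # identifier (login)
    role: str
    salt: bytes
    pw_hash: bytes    # the password is stored only in derived form, never in clear text


def derive(password: str, salt: bytes) -> bytes:
    """Derive the stored password verifier from the password and a per-account salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class SecuritySystem:
    accounts: dict = field(default_factory=dict)
    journal: list = field(default_factory=list)   # the "electronic logbook" used for accounting

    def register(self, login: str, password: str, role: str) -> None:
        salt = os.urandom(16)
        self.accounts[login] = Account(login, role, salt, derive(password, salt))

    def _record(self, login: str, event: str, outcome: str) -> None:
        # Accounting: every significant action is recorded, permitted ones included.
        self.journal.append({"subject": login, "event": event, "outcome": outcome})

    def authenticate(self, login: str, password: str):
        # Identification: recognize the participant by the identifier presented.
        acct = self.accounts.get(login)
        if acct is None:
            self._record(login, "login", "unknown identifier")
            return None
        # Authentication: confirm that the subject really matches that identifier.
        if not hmac.compare_digest(acct.pw_hash, derive(password, acct.salt)):
            self._record(login, "login", "bad password")
            return None
        self._record(login, "login", "ok")
        return acct

    def authorize(self, acct: Account) -> dict:
        # Authorization: form the rights profile of this subject from the access control rules.
        return ACCESS_RULES.get(acct.role, {})

    def request(self, login: str, password: str, obj: str, action: str) -> bool:
        """Run the full chain for one request; returns whether the action is permitted."""
        acct = self.authenticate(login, password)
        if acct is None:
            return False
        allowed = action in self.authorize(acct).get(obj, set())
        self._record(login, f"{action} {obj}", "permitted" if allowed else "denied")
        return allowed

    def audit(self) -> list:
        # Audit: after-the-fact analysis of the journal for predefined significant events.
        flagged = {"unknown identifier", "bad password", "denied"}
        return [e for e in self.journal if e["outcome"] in flagged]


if __name__ == "__main__":
    ss = SecuritySystem()
    ss.register("alice", "correct horse battery", "user")   # constructed accounts
    ss.register("bob", "admin-passphrase", "admin")
    print(ss.request("alice", "correct horse battery", "report", "read"))    # True
    print(ss.request("alice", "correct horse battery", "payroll", "read"))   # False (denied)
    print(ss.request("alice", "wrong", "report", "read"))                    # False (bad password)
    for entry in ss.audit():
        print(entry)
```

Note that a permitted action is journaled just like a denied one: that is the accounting factor, and the audit step only selects the events declared significant in advance. The monitoring variant described above would evaluate the same predicate on each entry as it is written rather than over the whole journal afterwards.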

Information Security Toolkit

Now we will consider what means or tools exist by which the described principles or mechanisms are implemented. Naturally, it is simply impossible to provide a complete list here: it largely depends on the specific situation in the light of which this or that aspect of information security is considered. In addition, someone may want to move some items from the list of mechanisms to the list of tools, or vice versa. Our reasoning has the following basis. For example, the staff performs an audit, which provides accounting. This means that personnel is a means, audit is a mechanism, and accounting is a goal. Or: passwords that provide authentication are stored in an encrypted form, and authentication precedes, for example, permission to modify. This means that cryptography is a means of protecting passwords, passwords serve the authentication mechanism, and authentication precedes integrity.

We list the main means (tools) of information security:

  • personnel - people who will ensure the implementation of information security in all aspects, that is, develop, implement, maintain, monitor and execute;
  • regulatory support - documents that create legal space for the functioning of information security;
  • security models - information security schemes embedded in this particular information system or environment;
  • cryptography - methods and means of converting information into a form that makes unauthorized operations with it (reading and/or modification) difficult or impossible, together with the methods and means of creating, storing and distributing keys - the special information objects that implement these authorizations;
  • anti-virus software - a tool for detecting and destroying malicious code (viruses, Trojans, etc.);
  • firewalls - access control devices between one information network and another;
  • security scanners - devices for checking the quality of the functioning of the security model for this particular information system;
  • attack detection systems - devices for monitoring activity in the information environment, sometimes able to intervene in that activity on their own;
  • backup - saving redundant copies of information resources in case of their possible loss or damage;
  • duplication (redundancy) - the creation of alternative devices necessary for the functioning of the information environment, intended for cases of failure of the main devices;
  • emergency plan - a set of measures intended for implementation in the event that events occur or occur not in the way that was predetermined by the rules of information security;
  • user training - training active participants in the information environment to work in compliance with information security requirements.

Probably some concepts are too aggregated (cryptography) and some, on the contrary, too detailed (scanners). The main goal of this list was to show a typical set, characteristic of an enterprise that is building up an information security service.

The main directions of information security

Now it remains to consider the main directions of information security, which are sometimes distinguished among themselves. Actually, in our opinion there are only two of them - physical and computer security. However, taking into account the differences in definitions, we can characterize them as follows.

Physical Security - ensuring the safety of the equipment itself, intended for the functioning of the information environment, control of people's access to this equipment. In addition, this may include the concept of protecting the users of the information environment from the physical impact of intruders, as well as protecting non-virtual information (hard copies - printouts, official telephone directories, home addresses of employees, corrupted external media, etc.).

Computer security (network security, telecommunications security, data security) - ensuring the protection of information in its virtual form. It is possible to distinguish the stages of the information's existence in the environment and, on that principle, to divide, for example, computer security (at the place of creation, storage or processing of information) from network security (during forwarding), but this in principle breaks up the comprehensive picture of security. The only thing it would be logical to agree with is the term data security, or rather, the security of data within a given application. The fact is that in a specific software package the security model may be implemented in such a way that it requires an individual specialist (or even a service) to maintain it. In this case it is possible to separate the concepts of data security (of a specific application) and network security (of the rest of the information environment).

The next stage involves the creation of conditions for us to speak the same language, that is, the introduction of the basic set of definitions.

Terminology

So, in order to speak in a language understandable to all, it is necessary to introduce a number of definitions. The list is intentionally slightly expanded, which is necessary for this book, in the sense that not all the terms indicated here will be used further in the text. On the one hand, this was done specifically to help those who will continue to independently create regulatory, methodological and other information security materials. Some of these documents, which may be of a complex or technical nature, must necessarily be preceded by a section of definitions in order to avoid discrepancies and distortion of meaning. In this case, it will be possible to take this section as a basis and either use the definitions provided here or modify them if necessary.

Careful wording of such definitions is especially important when an organization starting work on information security enters into some formalized (for example, contractual) relations with parties who have a weak idea of the subject (for example, with its customers, partners or suppliers). The fact is that sometimes even simple and seemingly obvious concepts, such as information or a password, can be perceived in different ways and later become subjects of dispute. On the other hand, the reader does not need to memorize all the terms indicated here in order to master the material of the article. As required in further use, the necessary definitions will be repeated, perhaps in a more simplified version.

Information will be called data presented in one form or another, suitable for storage, processing and / or transmission. With regard to information security from a practical point of view it is convenient to distinguish the following forms of information:

  • electronic (electrical signals, magnetization areas, etc.);
  • print (printouts, books, etc.);
  • visual (images on the screen, slides, posters, etc.);
  • auditory (talk of people, sound autoinformers, etc.).

An object we will call an actual information resource, i.e., a certain integral set of information that includes data united by a common theme, task, method of processing, etc.
A subject is a user of information, or a process that processes a given set of information (an object), considered, for the purposes of this discussion, at the moment of a particular use of the object.
Therefore, the object is a passive participant, and the subject an active participant, in the process of information exchange.
An information system is a potentially open set of subjects acting on a set of objects; the subjects of one system usually have a common goal or objectives.
An information space is a set of information systems interacting with each other, where one part of these systems may have different, including directly opposite, interests from the other.
Information security rules - a list of permitted and/or prohibited actions for subjects of the information system. Such rules can be defined not only for a person (user, administrator, etc.) but also for a process (for example, the process of providing access through a firewall).
Rights - a set of allowed actions (rules) for a given subject; part of the subject's profile.

Unauthorized will be considered such an action that is performed by the subject (or part of the subject), for which this action is not defined as permitted (or defined as prohibited) by the rules of information security.

Information tool - an information support device with the help of which work in the information system is performed or supported.
Threat - the possibility of a violation of a particular information security rule being realized.
Vulnerability - a weakness or error in an object or information system that leads or could lead to a threat.
Attack - the practical realization of a threat, or an attempt to realize it, using one or another vulnerability.
Crash - an unauthorized incident of an extraordinary nature that has a destructive impact on an object or information system.
User - a person, a subject of an information system, performing business functions in it, that is, using an object for production purposes.
Administrator - a person, a subject of an information system, creating the conditions for users to work in it.
Controller - a subject (not necessarily a person!) of an information system that controls the use of the information system by users and administrators in accordance with predefined rules (information security rules).
Malefactor (intruder) - a person, a subject of the information system, pursuing selfish or destructive goals contrary to the business objectives of the system.
Identifier (name, login) - a set of symbols representing the unique name of a given object or subject within a given information system (in a different system the name may be repeated). It allows the user to be uniquely identified when logging in to the system, his rights in it to be determined, his actions to be recorded, etc.
Password - a secret sequence of characters associated with a subject and known only to him, allowing him to authenticate, i.e., to confirm that the real essence of the subject corresponds to the identifier presented at login.

Profile - a set of settings and configurations specific to a given subject or object that determine its operation in the information system.
Encryption - the process of bringing information into a form from which it is impossible, or significantly difficult, to extract meaningful data without possessing specific additional knowledge (a key).
Decryption - the process inverse to encryption, i.e., restoring, with the help of the corresponding key, the information in its original form, which allows semantic data to be extracted from it.
Cryptanalysis - a set of methods and tools for (or the process itself of) decrypting information without possessing the necessary key.
Electronic document - a data set in electronic representation that can, by standard transformations, be presented in a human-readable form, including as a document on paper; it is an indivisible unit of information exchange, i.e., it can be transferred (received) or not transferred (not received) only as a whole; it consists of elements called document details.
Private key (secret key) - a secret byte sequence intended for the subject to form an electronic digital signature on electronic documents.
Public key - a byte sequence associated with the private key and intended to verify the digital signature of electronic documents. The public key must be at the disposal of the relying party.

This chapter intentionally gives an incomplete definition of the private and public keys. These definitions are most likely the most applied ones, since these keys are most often used for electronic digital signatures. These terms must be introduced in cases where responsibility is assigned for the security of secret keys and the need arises for the timely provision of public keys. A separate part of this book is devoted to the details of the use of all types of keys, as well as to encryption and digital signature algorithms.

Electronic digital signature (EDS) - a data block of a certain format, formed on the basis of a private key held only by an authorized subject, uniquely associated with a specific electronic document and used to verify the authenticity (authorship) and integrity of this electronic document.
Correct electronic digital signature - an electronic digital signature of an electronic document that gives a positive result when verified with the corresponding public key.
Security model - a set of principles, schemes and mechanisms (sometimes with an indication of specific tools and instruments) designed to ensure information security in this particular information system.
Mistake - an unintended, unplanned action (in the form of an action or inaction) committed by a subject (user or process) that represents or may pose a threat to information security.
Malicious program - an executable program module, script, macro or other program code created for the purpose of breaching information security. The objectives of a malicious program range from, at minimum, unauthorized use of part of the information resources to, at maximum, the acquisition of full control over an object or information system with a view to its further unauthorized use. Malicious programs include viruses and Trojans.
Virus - a malicious program whose main feature is the possibility of automatic reproduction (possibly with self-modification) and spreading to new information systems without control from its creator. Usually the main purpose of viruses is to perform destructive actions, although there are viruses created for entertainment. Most often the creator of a virus does not receive any material benefit from its operation, but sometimes, for example as part of industrial competition, the creation of viruses can be paid for by a customer.
Trojan program, trojan, trojan horse - a malicious program, often including a keylogger and performing unauthorized and undocumented actions, sometimes even with remote control functions for an attacker, created with the purpose of deliberately violating the information security of the system. At the same time, Trojans often mask their unauthorized activity by performing a number of useful, documented actions for the user.

With the development of network technologies, Trojans appeared that penetrate the system on the principle of computer viruses. Such hybrids use the properties of both classes of malicious programs for the intruder's purposes. The most sophisticated of them, "released into the wild" somewhere in the enterprise network and multiplying like an ordinary virus, can eventually reach their main goal, which may be well protected against direct attacks from the outside. After that, the trojan performs its security-breaching task and informs its creator that the task has been completed. Primitive variants of Trojan programs can do minor dirty tricks, such as sending threats or curses to other network users on behalf of the user who inadvertently launched the program.

Implant ("bookmark"; hardware or software) - malicious functionality (a program) implemented as one of the hidden functions of the system or object. Unlike Trojans, which enter the system from the outside, implants are in the overwhelming majority of cases created by the developers of the system themselves. Additional terms in use are "back door" and "hatch" (trapdoor: an undocumented function laid down by the developer when creating a system or object and not removed for some reason), and "logic bomb" (a function triggered when certain conditions are met).
Trusted system state - a state in which the behavior of the system in terms of information security exactly corresponds to its specification, no malicious programs are functioning in the system, and there has not been and is no possibility of unauthorized access to data for reading and/or modification.
PIN - personal identification number, a digital identifier assigned to an object or subject. Sometimes it is used as an analogue of a password, for example in plastic card systems.
Token - in general, a carrier of its owner's security data. Usually some external non-volatile medium designed to store long passwords, cryptographic keys and other security information that a person is not able to keep in his memory. Access to the token data can additionally be protected with a password or PIN.
System garbage - a set of data used by the system or object for its work and not intended for outside analysis, but which for some reason is available to third parties. It is of interest to attackers, as it can store data about the features of the system, indirect information about confidential data, or even passwords and cryptographic keys.
In connection with these terms, it is necessary to mention the concept of a memory dump - a "snapshot" of the state of the device's RAM, used to determine the causes of failures when the system fails. It is usually created and stored as a file on disk. If it falls into the hands of attackers, it can cause very serious damage to system security.
Third-party software - software not authorized for use in this information space and not registered by the authorized services.

A number of terms used later that are not directly related to information security are transferred to the Glossary in order not to clutter this chapter with too much information. It is additionally necessary to note the appearance in the text of the words "organization", "corporation" which are synonymous with the word "enterprise" in the sense of the subject of this book. In addition, the terms "business process", "business logic" will appear. In this case, the word "business" means "that which is predetermined by the goals of production of the given enterprise."

Tasks and principles of information security service organization

This chapter discusses the necessary bureaucratic processes for the formation of a security service in an enterprise, intended, rather, for service managers or for those who are professionally engaged in the strategy and tactics of the organization’s structural development. Therefore, readers who are more interested in technical aspects can easily move on to Chapter 4, the creation of a security service.

For those who still decide to read this chapter, we note that solving the issues and problems described here can be useful in preventing production conflicts and inconsistencies that may arise due to the specifics of the information security service.

Information Security Service Tasks

Despite the seemingly direct obviousness of the tasks of the information security service ("the security service must provide security - what else?"), a lot of questions arise that do not appear at first glance. We divide these questions or problems into the following groups:

  • placement of information security services;
  • its interaction with other services;
  • subordination hierarchy.

In other words, it is necessary to determine where the information security service should be located in the staff structure of the enterprise, how it will interact with other divisions (especially with the information technology division), and how many chiefs should stand between the head of security and the director of the enterprise.

There are a number of recommendations on the placement, interaction and subordination of the security service, both advanced, mostly Western, focused on the electronic world, and old, still Soviet, that came from the first departments. In our opinion, these procedures are very dependent on many factors of a particular enterprise, perhaps even such as the existing informal relationships between employees. If the priority at the enterprise is the efficiency of the information security service, then such aspects cannot be ignored. In order not to delineate a rigid framework for all of this, we suggest that you simply consider the problems and answer questions that arise. From the responses received it becomes clear how and where the information security service should be located in the organizational tree of the enterprise.

What should the security service do?

  • Administer existing security tools (firewalls, anti-virus packages, attack detection systems, etc.)?
  • Develop models and schemes for protecting information, make decisions about acquiring new security tools?
  • Monitor the work of users of the enterprise information space?
  • Which groups - only end users or also system administrators?
  • Where is the main focus of the service’s attention - on internal users (according to statistics, most of the information security breaches - both intentionally and unintentionally - result from the inside of the enterprise) or to protection from access from the external information space?

Without a doubt, information security issues should be considered in each of the listed items. However, the application may be different and depend on a variety of reasons that are not usually provided by Western recommendations, such as the lack of qualified personnel.

Two different situations can be an example of different solutions: the information security service only analyzes the situation, develops the model and decides whether it is necessary to acquire protection, while its administration is performed as part of the usual work of the information technology division. The opposite option - the acquisition of protective equipment is carried out within the framework of the general strategy of development of the enterprise’s information technology, and specific work on the installation and support of protective equipment is carried out by the information security service.

How is interaction with the information technology service, and specifically with the administrators of networks and systems, organized?

  • Information security specialists have full control over the information system, equal to the rights of the system administrator.
  • Security specialists take part in system administration, for example, in setting user rights.
  • Security specialists in the information system have access to all objects, but they only have the right to read information about them.
  • Information security specialists do not have access to the system; they use logs, configuration reports, etc. to monitor the work of administrators.

All of these options are deliberately indicated, since the issue of the relationship between the security service and, say, the local network administrator can be very tense, especially if the service is only being created, and the administrator has been performing its functions for several years.

  • What if the administrator really works honestly for a long time, and security specialists only come to the organization, but require significant rights in the system for themselves and restriction of administrator rights? What to do if the administrator in this case decided to leave the organization?
  • But what if the qualifications of security specialists in a specific information system are significantly lower than that of an administrator, and they can, with certain rights, interfere with the operation of the system?
  • What if the system is designed in such a way that in order to control the administrator, you need full control over the entire system?

There are more questions than answers; a decision needs to be taken in the light of all these problems.

It is possible that the painful process of transferring or dividing rights will have to be stretched over a long period, until the security specialists gain the relevant experience and the administrators gradually get used to partial, and then complete, control.

How many decision-making steps on information security should exist?

If the head of the information security service reports directly to the director of the enterprise and submits draft decisions directly, this makes it possible to abuse his position (since the top manager is most likely not very competent in information technology, but reacts to the word "security" by approving whatever documents are put before him). If the process of agreeing a decision is too widely distributed across managers and stretched over time, there is a risk of delay in making a vital decision (as for any other service, however). In addition, if the representatives of the approval points are not competent in security matters, a lot of time will be spent unproductively on clarifying problems and reconciling opinions.

  • Is the decision-making process on information security consistent with the overall strategy for the development of information technology?
  • Will there be any security facilities installed in the information space of the enterprise that will interfere with the operation of other information systems?

In this case, there are specific recommendations advising that the information security service be subordinated not directly to the director but to a certain security committee, attended on the one hand by specialists who can assess the quality of the proposed solution, and on the other hand by managers who can make the adopted decision binding.