Sources of information leaks
Information is stored on different physical media, which are not only its forms, but also sources of leakage in case of data access. The main forms of storage and transmission of information: documentary; acoustic and telecommunication.
The sources of information leakage can be documents of the enterprise. The documentation is contained in several forms: paper, electronic, magnetic, graphic. Most of the company's documents must be kept in writing. But negligence in documentation can lead to access and loss of unauthorized information. After the source of information falls into the hands of a spy, the documentation can be replicated and the information can be used for personal gain.
Acoustic or speech media can be leaked. The carriers are precisely the sound vibrations of the systems for reproducing and amplifying waves. Technical sources of information and channels of its transmission are electromagnetic waves and communication channels between which information passes.
You should also pay attention to the company's employees. The staff can become a source of information, which will later be transferred to third parties. Sometimes this happens by accident during conversations after accessing other sources of information or obtaining company information. In other cases, the actions of personnel and the dissemination of unauthorized information can be regarded as industrial espionage. To keep confidential data with employees, it is necessary to sign nondisclosure documents.
Sources of information leakage or data transmission channels
Information leakage channels can be such types of unauthorized data transmission as:
The physical channels of information leakage are human resources, namely the activities of employees. The person acts as the main path of information leakage, and sometimes its source at the same time. Also, enterprise documentation is referred to the number of physical channels. In order to prevent the spread of information from media through channels, it is recommended to carefully select employees, as well as use security methods. It is important to properly organize work with documents, to limit the circle of persons who have access to them.
Technical channels of information leakage are opened after fraudsters interact with technical sources of data storage and transmission. All devices in offices (telephones, cordless telephones, printers, displays, computers) are potentially vulnerable objects. Unauthorized access is carried out using special equipment, and the data itself is transmitted through the following channels:
- electrical, electromagnetic, telephone channels;
- high-frequency electromagnetic radiation, at self-excitation frequencies of low-frequency amplifiers;
- air or vibration, as well as opto-electronic and parametric.
Features of channels of information leakage from carriers
The leakage channel is formed on the basis of three components:
- Source of signal or information carrier.
- Signal propagation medium.
- Means for technical recording.
The main indicators of channels are information throughput and information transmission range. It is the bandwidth of the channel that is the key characteristic, which is measured by the amount of information transmitted per unit of time. The quality of information transmission is also assessed when choosing a means for its theft. Information transfer according to generalized schemes is carried out as follows.
The recording object or the channel input receives the primary signal from the information source. The source is devices displaying different types of waves and containing unauthorized information.
The transmitter converts the received data into a convenient form for further dissemination of information by leaking. The main task of the transmitter is to format information quickly and without loss and transmit it to the receiver. In addition, the transmitter can:
- create your own acoustic or electromagnetic field that carries current;
- to record data on carriers with modification of preliminary parameters, that is, to distort information on its original source;
- increase the power of the signal coming from the source;
- to ensure further transmission of the signal through the channels and its propagation in a certain space.
Further transformations are dealt with by such a channel link as a receiver. It performs the following functions:
- selects only the necessary information according to the parameters set by the fraudsters in advance;
- amplifies signals that go to recording devices;
- performs the process of decoding and demodulation of the received information;
- converts the form of the received signal into any other convenient for the fraudster, provides error-free data reproduction.
The storage media are protected by large companies, but there are weak points through which the reader's signal can penetrate. Those zones through which unauthorized access can be made are called dangerous.
To form electromagnetic and electrical channels of information leakage, it is necessary to connect to information sources. This is done with the help of auxiliary technical equipment of the "bugs" type or by means of extraneous conductors. In addition to means for reading information, equipment is used to measure the characteristics of waves (length, frequency). Hardware bookmarks act as mini-transmitters, and all incoming information is recorded from sources to a special storage device.
Acoustic channels for transmitting information are based on methods of leakage through air, which is the main medium for signals. The sound that is transmitted is called structural. Oscillations propagate over significant distances without attenuation of the force. The channels for transmission from the medium to the recording device are walls, pipelines, ventilation ducts. The principle of operation is based on the vibration of solids in the course of sound waves. These methods are best used in large companies with large areas of premises and thin walls. The leak is carried out using different devices:
- radio bookmarks;
- directional microphones;
- portable sound recording systems or microphones;
- acoustic network or infrared devices;
- telephone devices installed on the lines.
Vibration channels of information leakage are formed on the basis of building structural elements. Such methods are used most rarely due to the low reliability of obtaining unauthorized information. The canal is a collective concept, the walls of the building, the water supply and sewerage system, pipes, floors, ceilings take part in its formation. Laser systems, electronic stethoscopes, and special noise converters are used as reading devices.
The most difficult thing is to determine whether there is such a channel of information leakage from the enterprise or not. The danger lies in the fact that in this way it is possible to obtain information from several types of media at once. And it is possible to close this leakage path and protect data using a vibroacoustic noise system. The interference generated by such a device is fed to a power amplifier, and then the signal is sent to an acoustic vibrator. After turning on the device, vibrations of the walls appear, which suppress the transmission of information from the room.
The storage medium must be protected from unauthorized access. Information is the main asset of the company, and its receipt by third parties can lead the company to bankruptcy. There are several stages of storing information (a potential source of leakage and methods of its protection are determined). It is important to pay attention to information protection methods that are based on the use of modern technologies.