Basic software and hardware measures to ensure information security
Various Internet resources are often used to store and transmit information that needs protection. One of the reasons for the leakage of important information is the unauthorized entry of unauthorized persons into the information system. Another reason for the loss or destruction of data may be the carelessness or incompetence of personnel who have access to classified materials. To prevent such incidents, it is required to take comprehensive software and hardware measures to protect information in databases, and to use special security servers.
Factors that increase the risk of reducing the quality of information protection are:
- the use by malefactors of increasingly sophisticated techniques for hacking information systems and decrypting classified data;
- insufficiently precise delimitation of employees' access to confidential information;
- the organization has several production points that are remote from each other. In this case, it becomes necessary to constantly transfer important information with the help of server providers engaged in providing access to e-mail boxes and cloud storage. Moreover, the degree of protection is not always high enough;
- saving on updating software and hardware.
Security servers and their types
To reduce the risk of leakage or destruction of confidential materials, special software computer protection mechanisms (security servers) are used.
By the nature of the tasks being solved, they are divided into the following main types:
- aimed at preventing the emergence of information threats (preventive);
- helping to identify cases of violation of confidentiality;
- undertaken to reduce the consequences of a leak and to technically limit their impact on the company's activities ("localization");
- aimed at identifying the culprit of the security violation;
- aimed at restoring a safe mode of working with confidential information.
When implementing measures for technical protection of information, the principles of its availability, integrity and confidentiality must be observed. The techniques used must be legal, consistent with the uniform state security policy. It is necessary to use advanced technologies to create insurmountable obstacles to intruders, to prevent accidental failures in the protection of classified information.
The level of technical protection must be economically justified.
The main software and hardware measures to prevent and eliminate information threats include:
- identification and authentication;
- differentiation of access to information;
- audit and logging;
- encryption;
- information integrity control;
- data shielding;
- security analysis of the information system;
- ensuring fault tolerance;
- safe data recovery;
- tunneling;
- management of work in information systems.
To prevent data loss as a result of theft, destruction of information (including in the event of unforeseen situations and natural disasters), it is necessary to use additional methods of protecting information. These include the reservation of valuable materials, the availability of spare communication channels, the possibility of technical isolation of the most vulnerable parts of the system.
Identification and authentication
These are measures related to the identification of a subject included in the information security system.
Identification means confirmation of the user's identity by entering a password, personal identification number, cryptographic key, using a special electronic card. Biometric identification by voice or fingerprint is possible.
Authentication (software "authentication") allows you to make sure that the user entering the information system is really who he claims to be.
Authentication basically requires a password or a key known only to the user and his "interlocutor", an answer to a secret question previously recorded by the system, and re-entering personal data. It is important to keep the authentication conditions confidential, to prevent eavesdropping, interception and reproduction of data by third parties. Authentication can be either one-way or mutual.
Access control
Means of technical hardware protection of information allow you to control access to classified materials (to carry out logical control). A computer program is used for systems with multiple users or interaction objects (devices, databases). The program records all operations that can be carried out in the process of working with materials in need of protection.
Option 1. Several employees work in the system. At the same time, access to various sections of information is delimited for each pair. The time of entry into the system and the duration of employee interaction are discussed.
Option 2. When several employees work with files containing confidential information, they are given unequal rights to read, make changes, add information. The program monitors the fulfillment of access conditions and the availability of specific permissions, prevents unauthorized actions, and detects violations.
Auditing and logging
Logging is the collection and accumulation of information about events in the information system that occurred in a certain time period. The following events are taken into account:
- "External", arising from incidents occurring in other information systems;
- "Internal" related to the implementation of their own measures to protect information;
- "Client", occurring in connection with the actions of users and system administrators.
An audit is an analysis of the efficiency of a data transmission and storage system. It can be carried out periodically (1-2 times a day), constantly (in real time) or promptly.
In the course of the audit and technical logging, such events as logging into and out of the system, access to other information systems, file names, operations performed and their results are recorded, ensuring the authorized availability of data that needs protection.
Data encryption
This method is used to securely transfer sensitive information, preserve their confidentiality and integrity. Encryption is also used during user authentication. This is a cryptographic way to protect information.
Two types of technical encryption are used: symmetric and asymmetric.
Symmetric methods (such as Magma, Grasshopper) use the same key to encrypt and decrypt data. However, it is difficult to prove that the information came from a specific source. Knowing the encryption key, an unscrupulous user can create a message himself that can harm and weaken data protection.
Asymmetric encryption methods use two keys. Only the decryption key known to the recipient of the information is secret.
A combination of symmetric and asymmetric methods of such protection is mainly used.
Data integrity control
This action is taken to protect information related to each other ("message flow"). Integrity refers to the immutability of data sent and received over network links. Intentional corruption of data becomes a threat of violation of integrity. Integrity may also be caused by a software error in the system.
One of the methods of programmatic control of the security and integrity of information is hashing - a comparison of certain mathematical indicators (digests) characteristic of the initial and final data. The method of electronic digital signature is also used.
Shielding
This is a way to limit the flow of information from one information system to another by installing a kind of "screen" between them. The information streams are filtered and transferred in certain portions to the next filter. The report on the results of analysis and data processing goes to the sender.
As a result, the "internal" information stored in the enterprise network is protected from the "external" information that attackers try to inject. To introduce harmful programs and unauthorized changes to data, they will have to overcome the "screen". The vulnerability of the data transmission system is significantly reduced.
System security analysis
This method allows you to identify and close gaps in the protection of confidential information that have arisen after software updates and the installation of new versions.
The reasons for increased vulnerability can be:
- infecting your computer with viruses;
- using weak passwords;
- unsuccessful setting of the operating system;
- work with weakly secure web services and applications.
To study the degree of information protection, network scanners and anti-virus programs are installed on computers. Scanners detect security vulnerabilities by examining file configurations. Antiviruses block or automatically destroy suspicious files, warn the system administrator about detected violations.
Providing fault tolerance
For the normal operation of a computer system, it is necessary that the provided services (services) be available to users for a certain time. The level of accessibility depends on the type of information. The indicators of service efficiency and time of unavailability play an important role.
Efficiency refers to the speed at which a user's request is processed. It must meet a certain level. The effectiveness of the services depends on the number of users working in the system.
The time of unavailability shows how long the access to the classified materials is not available due to too slow processing of the request. The time of unavailability should not go beyond the established framework.
To reduce the time of unavailability, fault-tolerant information systems are created. They are used, for example, in large control centers where quick access to confidential data is required by a large number of employees at the same time. Here, downtime should be kept to a minimum. To ensure fault tolerance in such systems, backup copying of information that needs protection, duplication and replication of electronic documents is carried out.
Safe data recovery
Loss of important information may occur if access to the system is terminated due to software failure. A safe recovery of the system's performance in an unforeseen situation that weakens the protection of information should be provided. For this, servers are used that copy data and transfer it to virtual (cloud storage), as well as restore the state of the system to an earlier period. At the same time, the availability, integrity and confidentiality of information must be preserved.
For safe recovery, backup data is encrypted, special keys are used to extract them from archives and storages. The possibility of information leaving the corporate data transmission network is excluded.
Tunneling
Confidential materials that require protection are transferred from sender to recipient in a "packaged" form. To ensure information security, secret data is divided into separate fragments (“packets”), which are sent in encrypted form over a public network through a “tunnel” (a secure communication channel between different information systems).
Management of work in the system
To maintain the efficiency and security of information systems, precise management of various security tools is required. It is carried out by the system administrator. He controls the functionality of the information network and coordinates the work of services that ensure the protection of classified information.
Management is necessary to solve the following tasks:
- planning the work of services, ensuring the effectiveness of services;
- studying their relevance;
- forecasting possible changes in safety conditions and developing methods of response.
Management of work in the system is subdivided into several types.
- Configuration management involves the collection of information about the current state of the system, the implementation of its safe start and stop.
- Failure management means identifying them, as well as taking technical measures to restore the system to operability.
- Performance management is related to the analysis of the system operation in normal and emergency situations, making the necessary amendments.
- Security management is the creation and revocation of security servers in response to accidental or deliberate breaches of information confidentiality.
***
The expansion of the volume of data transmitted over the Internet requires the development of more and more advanced measures aimed at protecting information.
To identify attempts to steal it and prevent accidental leakage, a variety of software methods for secure storage and transmission of data are used.
To maintain their integrity, confidentiality and availability, the use of preventive protection measures and the creation of information security (identification, authentication) are required.
Information exchange technologies are being improved using methods of encryption, shielding and tunneling. The analysis of the security of systems for the transmission and storage of confidential materials is carried out.
The possibility of accidental disclosure of information is taken into account, methods of protecting information in emergency situations are being developed.
An important role is played by the timely identification of information security threats, the awareness of personnel about the ways to eliminate them.
18.12.2020
