CLASSIFICATION OF INFORMATION SECURITY METHODS AND THEIR CHARACTERISTICS Текст научной статьи по специальности «СМИ (медиа) и массовые коммуникации»

CLASSIFICATION OF INFORMATION SECURITY METHODS AND THEIR CHARACTERISTICS

Kushnir N.

Senior lecturer of the department of the information systems and programming of the institute of computer

systems and information security of the Kuban State Technological University

Yatskevich E.

Student of the department of the information systems and programming of the institute of computer systems

and information security of the Kuban State Technological University

Bobina N.

Student of the department of the information systems and programming of the institute of computer systems

and information security of the Kuban State Technological University

Trishkin E.

Student of the department of the information systems and programming of the institute of computer systems

and information security of the Kuban State Technological University

Abstract

The concept of "information" is used very widely today. A large amount of information literally overwhelms people. Scientific knowledge, for example, according to experts, increases by 2 times every five years.

Information has consumer qualities, as well as its owners. It is very important for the owner to keep secret commercially important information that allows him to successfully compete in the production market. This requires certain actions aimed at protecting confidential information.

Keywords: Information security, security threat, information threat, espionage, cryptography, unauthorized access, risk, vulnerability.

Information security (information security) is understood as the state of protection of the information itself and its carriers (a person, systems and means, bodies that provide the receipt, processing, storage, transmission and use of information) from various types of threats.

Information security can be ensured by various methods and means of both organizational and engineering nature. The information security system includes a set of organizational measures, technical, software and other methods and means of ensuring information security.

In the Russian Federation, the Concept of Information Security is being created as an integral part of the national security of the Russian Federation. Within the framework of the draft of this Concept, the main provisions of the state policy for ensuring information security are formulated:

- the state is developing the Federal Information Security Program, which unites the efforts of state organizations and commercial structures in creating a unified information security system in Russia;

- the state forms a legal framework that regulates the rights, duties and responsibilities of all entities operating in the information sphere;

- restriction of access to information is an exception to the general principle of openness of information and is carried out only on the basis of legislation;

- access to any information, as well as the imposed restrictions on access, are carried out taking into account the property rights to this information determined by law;

- responsibility for the safety, classification and declassification of information is personified;

- legal entities and individuals collecting, accumulating and processing personal data and confidential information are liable before the law for their safety and use;

- the state exercises control over the creation and use of information security tools through their mandatory certification and licensing of enterprises and organizations in the field of information security;

- the state pursues a protectionist policy that supports the activities of domestic manufacturers of informatization and information protection tools, and takes measures to protect the domestic market from the penetration of low-quality informatization tools and information products into it;

- the state wants to abandon foreign information technologies for the informatization of public authorities and administration as competitive domestic information technologies and informatization tools are created;

- the state by legal means ensures the protection of society from false, distorted and unreliable information coming through the media;

- the state contributes to providing citizens with access to world information resources, global information networks;

- the state is making efforts to counteract the information expansion of the United States and other developed countries, supports the internationalization of global information networks and systems.

The above provisions of the state policy for ensuring information security require the development of appropriate scientific, technical, organizational and legal support for information security.

1. Basic methods of information security and their characteristics

All methods of protecting information in networks and storages inside the company building are divided into several processes:

Access obstruction

Barring access to information means controlling access and limiting the number of people who have access to the data.

A complete example is:

Sturdy doors;

Security alarm systems for intrusion control;

Access control in the form of intercom systems, identification cards.

The perimeter control system, which fixes the offender, shows itself perfectly. It is built not only using sensors, but also captures what is happening on video.

Disguise

Cryptographic methods of information protection are a powerful weapon in the fight for information security. This concept is very broad in practice.

For example, data can:

1) Encrypted using a hardware method, when stored on special media;

be encoded by software methods, which complicates decryption if the attacker does not know the principle;

2) Data can be encrypted using shared keys to restrict access to only a fixed list of individuals.

3) Somewhat problematic at the moment of decryption speed is the method of placing data in graphic images.

Regulation

Information security methods consist in creating clear data manipulation schemes. In the aggregate of measures, the division of areas of responsibility between individual groups of workers can also be considered.

As a result, difficulty is achieved in accessing the full amount of data through manipulation, as well as the application of carelessness and human habits. Introduction to job descriptions.

To regulate operations with data, job descriptions are created, other instructions at the enterprise level, with which employees are familiarized and are required to follow.

Control

Management is the largest in terms of volume and payroll methods for protecting computer information.

The method of continuous monitoring and control is effective.

1) Obtaining a full volume of statistics is achieved, which allows for forecasting and strategic planning of future development, changes.

2) Non-normal operation of the equipment is determined at an early level, an unusually high number of requests for data, which allows network attacks to be detected at an early level;

3) Track the level of wear and tear of equipment, operating parameters.

Compulsion

Enforcement systems are considered the most effective. They are easy to organize and control.

Such methods of protecting information from leakage may include:

1) Introduction of criminal, disciplinary, administrative liability for disclosure of information;

2) Providing the employee with a specially equipped, appropriate level of access and a workplace developed by the company's regulations;

3) Full control of the employee's movements, restriction of equipment brought into the work area (flash

drives, phones, any wearable electronics), a ban on the removal of documents and material assets (computer components)

In practice, creating a maximum security camp is quite simple. Personal ID cards to track the movement of an employee

This will require a small amount of security, an elaborate network of cameras, ID readers.

Motivation

Motivation is a method of increasing staff motivation. Unlike coercion, motivation works on a positive attitude.

Therefore, such a technique is complex and does not differ in predictable performance. Conducting corporate team building.

The list of measures may include a corporate policy for holding festive events, team building with the suggestion of the idea of unity with the team, and much more.

In practice, it is recommended to combine measures of coercion and inducement, since the latter in its pure form is not only difficult to predict in terms of results, but also requires a constant investment of effort and time to influence the staff.

2. Classification of modern methods of information protection.

The main classification of modern protection methods can be carried out according to the following parameters:

- at the cost of the program that ensures the protection of information,

- by the prevalence of the method of protection and the scope,

- according to the degree of protection against hacking, troubleshooting and preventing breakage or hacking.

- Classification by cost of funds

Today, a lot of money is spent on protecting information. And it's worth it, because today information means a lot and can become quite a serious weapon. Hacking information, as well as its protection, is quite expensive, but, as a rule, those who are ready to spend money on the implementation of this protection need information protection. The importance of information is directly proportional to the money it costs to protect that information. It is up to the owner of the information to decide whether the method of implementing the protection of information is worth the money that is requested for it.

The most expensive and most functional means of protection are electronic security keys and smart cards. The protection system in such programs is quite flexible, which allows you to reprogram data for a specific user. Electronic security keys are developed to order on an individual basis, so the scheme for breaking them is much more complicated than, say, in smart cards. A more complex organization of the protection method itself causes a high price for the program.

If we talk about the cost of programs that provide information protection, it is worth noting that the price of some of them is commensurate with the price of hacking these same systems. Therefore, it is highly impractical to purchase such programs - after all, hacking

such programs is hardly more difficult and more expensive than installing them. For example, the cost of hacking a smart card is about $50,000, and development labs do not guarantee protection against hacking.

PCDST, flash drives and USB tokens are in second place in terms of value. These security tools are sold separately from the program that needs data protection, which in principle prevents information from being hacked, since there are no general schemes for hacking. Flash drives and USB tokens are personal security devices, so in order to access information, you need to access the security device directly. As a rule, the cost of such protective devices is adequate to their reliability and functionality.

Against the background of the rest, software protection methods are cheaper. This is because the initial data for the program are set immediately, cannot be changed, and are part of the program itself. Protection is installed according to the same schemes and takes up memory on the hard drive, the user does not pay for information protection directly, he pays for the information itself. Also, the relatively low cost of software protection methods is explained by the ease of breakage and / or hacking. For all methods, there are the same schemes by which protection is configured. It is enough just to know such a scheme, and cracking the protection will not be difficult for a good programmer.

LCDs cost a little more due to the flexibility of the internal security system, but are also more of a proprietary security tool and don't cost much more than flash drives given their functionality.

- Classification by the prevalence of the remedy

Software protection is the most common type of protection, which is facilitated by such positive properties of this tool as versatility, flexibility, ease of implementation, almost unlimited possibilities for change and development.

Another widely used protection method is secure flash drives. They are available to any user, easy to use and do not require any special knowledge to use. Only now, hacking such flash drives is quite easy.

Electronic security keys, secure flash drives, smart cards and USB tokens are security tools common both among private users and among office devices such as payment terminals, bank machines, cash registers and others. Flash drives and USB tokens are easily used to protect software, and their relatively inexpensive cost allows them to be widely adopted. Electronic security keys are used when working with devices that contain information not of a specific user, but information about the entire system. Such data, as a rule, needs additional protection, because it affects both the system itself and many of its users. A system that allows programming options in smart cards and keys allows you to expand their scope by customizing the protection system for an existing operating system. For example, private clubs use keys to protect private information that is not subject to information.

Of special note is the protection of information in the security services of various organizations. Here, almost all methods of information protection find their application, and sometimes several protection methods

with different functionality cooperate to protect information. PCDST also find their application here, performing not so much the function of protecting information as the function of protection as a whole. The PCDST also implements, for example, a pass system, using radio tags, referring to a common system that allows or, accordingly, does not allow access.

- Classification for protection against tampering, troubleshooting and prevention of breakage or tampering

Company funds, flash drives, PCDST or tokens are most prone to breakage, often due to the user's fault due to improper operation. Hacking such systems is carried out only when the carrier is physically stolen, which makes it difficult for a hacker to work. As a rule, each medium has a kernel that directly provides the protection itself. Cracking the code to such media or to its core costs about the same as the media itself, for a skilled specialist, hacking medium-protected media is not particularly difficult, so the developers are currently working not on expanding the functionality of such protection systems, but on protection from hacking. For example, the developers of the SHIPKA PCDST have a whole team that has been dealing only with the issues of protection against hacking for about two years. I must say that they succeeded in this matter. The core of the system is protected as physically and at the programming level. To get to it, you need to overcome a two-stage additional protection. However, such a system is not widely used due to the high cost of the production process of such carriers.

Software methods for ensuring information protection are also subject to hacking. Written according to the same algorithm, they also have the same hacking algorithm, which is successfully used by virus creators. In such cases, hacking can be prevented only by creating multi-stage or additional protection. As for the breakdown, here the probability that the algorithm will fail and the method will stop working is determined only by the introduction of a virus, that is, by breaking the algorithm. Physically, software methods of protecting information cannot fail, of course, therefore, it is possible to prevent the occurrence of malfunctions only by preventing the algorithm from being hacked.

Smart cards have been presented as suitable for identity verification tasks because they are resistant to tampering. The embedded smart card chip usually uses some cryptographic algorithm. However, there are methods for restoring some internal states. Smart cards can be physically damaged by chemicals or technical means in such a way that the chip containing the information can be directly accessed. Although such methods may damage the chip itself, they allow access to more detailed information (for example, a micrograph of the encryption device). Naturally, there are also differences in smart cards, and depending on the developer and the price at which the smart card is distributed, the security against hacking can be different. But in each card there is still a specially developed unique code, which greatly complicates access to information.

Electronic keys, just like personal media of information security systems, can also be physically damaged. This is the reason for the protection of both an

external device (plastic case) and an internal one: the information is in a system that can work autonomously and off-line. The code that provides the security device resides in memory that is protected from sudden power outages of the computer or other external influences. As for hacking, it can only be done in two ways: by emulating a key or by hacking a software module. Key emulation is a very time-consuming process, and rarely anyone has managed to crack it in this way. In 1999, attackers managed to develop a fairly correctly working Aladdin HASP3 dongle emulator. This became possible due to the fact that the encoding algorithms were implemented in software. Now, however, hackers most likely use the second method to crack keys. Hacking a software module is considered to be deactivating a piece of code. To prevent this from happening, developers use private algorithms that are designed specifically for this key and are not available to the public, however, they encrypt the most vulnerable parts of the code additionally, making access to structural protection very difficult.

There are smart cards that are easy to hack. But there are also cards that can only be hacked if there is special data available only to developers. At the same time, this does not mean at all that the more expensive

the means of protection, the better it is. But it is impossible to judge the efficiency of even security systems of the same type, for example, about all electronic keys taken together, without considering the features of the work.

References

1. Yarochkin V. I. Information security, a textbook for universities.

2. Technical means and methods of information protection: Textbook for universities / Zaitsev A.P., Shelupanov A.A., Meshcheryakov R.V. and etc.; ed. A.P. Zaitsev and A.A. Shelupanov. - M.: Mashi-nostroenie Publishing House LLC

3. The Law of the Russian Federation "On State Secrets", the Civil Code of the Russian Federation of 1994, the Law of the Russian Federation "On Information, Informatization and Information Protection".

4. Galatenko V.A. Fundamentals of information security

5. Melnikov VV. Textbook for the course Methods and means of information protection.

6. Melnikov, V. V. Information protection in computer systems

CLOUD STORAGE AND INFORMATION PROTECTION

Kushnir N.

Senior lecturer of the department of the information systems and programming of the institute of computer

systems and information security of the Kuban State Technological University

Yatskevich E.

Student of the department of the information systems and programming of the institute of computer systems

and information security of the Kuban State Technological University

Trishkin E.

Student of the department of the information systems and programming of the institute of computer systems

and information security of the Kuban State Technological University

Bobina N.

Student of the department of the information systems and programming of the institute of computer systems

and information security of the Kuban State Technological University

Abstract

Progress in the information technology sphere has also affected all types of life activity, bringing many positive aspects. It certainly brought all kinds of risk fronts that are associated with the protection of information. It is no secret to anyone that "Cloud technologies" constitute an integral part of the life of society in the 21st century. When information is provided with confidentiality, availability and integrity, information is secure. The methods of organizational and technical support of information security are: creation of systems and means to prevent UA (unauthorized access) to information that is being processed, improvement and use of information security tools, and identification of those that pose a danger to IT systems, programs and technical devices. modeling and use of information systems force the leaders of various organizations to find the latest ways to improve the efficiency of enterprises and organizations in the information field. "Cloud technologies" offer a full range of services related to information , such as: storage, search and transmission of information, ensuring its security and much more.

Keywords: Cloud technologies, information threat, espionage, information technology, unauthorized access,

risk.

The main characteristics of cloud storage are:

- scalability (by increasing the number of running instances, a scalable application provides a greater load);

- elasticity allows you to quickly accumulate infrastructure capacity without investing in equipment and software);

- multi-tenancy (uses available computing resources and reduces the cost of a platform in the cloud);

- payment for use (transfer of part of capital costs to operating costs);

- self-service (enables consumers to get and request the resources that the user needs in a matter of moments).