THREATS TO INFORMATION SECURITY IN COMPUTER SYSTEMS, SOURCES OF THREATS, INFORMATION RISKS, METHODS OF THEIR ASSESSMENT

Scientific article in the specialty "Computer and information sciences"

CC BY


Kushnir N.

Senior lecturer of the department of the information systems and programming of the institute of computer systems and information security of the Kuban State Technological University

Yatskevich E.

Student of the department of the information systems and programming of the institute of computer systems and information security of the Kuban State Technological University

Vlasova A.

Student of the department of the information systems and programming of the institute of computer systems and information security of the Kuban State Technological University

Arustamyan V.

Student of the department of the information systems and programming of the institute of computer systems and information security of the Kuban State Technological University

Abstract

This article explains the concept of a threat to information in computer systems, identifies possible sources of threats, and describes the information risks of working with computer systems and the methods for assessing them. In today's competitive environment, actions aimed at obtaining confidential information are common and take many forms, up to direct espionage with the use of modern technical means of reconnaissance. Therefore, the protection of information from unauthorized possession is of great importance.

Keywords: Security threat, information threat, espionage, cryptography, unauthorized access, risk, vulnerability, risk assessment, security baseline.

1. The concept of information threat.

An information security threat is a set of probable events, conditions, phenomena, factors, and processes that can subsequently lead to the destruction of information or to the loss of its integrity, confidentiality, or availability.

Possible threats to information security in automated information systems (AIS) or in computer systems (CS) are divided into random threats and deliberate threats.

2. Random threats.

Random or unintentional threats are those that are not related to the intentional activities of intruders. These threats occur at random times.

The realization of unintentional threats leads to the greatest losses: it can directly violate the integrity and availability of information, and it increases the likelihood of intruder action against the information.

The following significantly reduce losses from random threats:

• An efficient system of IS operation, which includes mandatory redundancy of information

• Modern technology for the development of hardware and software

Unintentional threats are reflected in the development and application of information technology. During the operation of IS, the IT department and users bear the main burden of implementing the entire range of measures to counter such threats.

Possible causes of random threats:

• Natural disasters and accidents can have the most serious consequences for information systems, because the systems are physically destroyed and access to information becomes impossible or the information is lost. Accidents associated with a power outage are especially likely.

• Faults and failures of complex systems. As a result, the operation of technical means is disrupted, data and programs are erased or distorted, and the operating algorithm of devices is disrupted. Breaches of confidentiality of information can result from disruption of the operating algorithms of individual nodes and devices.

• Errors in the development of IS. Algorithmic and software errors lead to consequences similar to those of faults and failures of technical means. Intruders can also use these errors to influence IS resources. The most dangerous errors are those in information security software and operating systems.

• Errors of users and service personnel. Incompetent, negligent, and inattentive performance of functional duties by employees leads to the destruction, violation of the integrity and confidentiality of information, as well as compromise of protection mechanisms.

3. Deliberate threats.

Deliberate threats are threats associated with human actions. These actions can be:

• Familiarization with confidential information in various ways and means without violating its integrity.

• Transformation of information for criminal purposes as a partial or significant distortion of the composition and content of information.

• Destruction of information in an effort to cause material damage.

As a result, illegal actions with information lead to a violation of its confidentiality, completeness, reliability and availability.

This class of threats is dynamic and is constantly supplemented with new types of threats.

4. Types of deliberate threats.

Deliberate threats are divided into the following groups:

• Traditional or universal espionage and sabotage

• Unauthorized access to information

• Electromagnetic radiation and interference

• Modification of CS structures

• Malware

1) Traditional espionage and sabotage.

Methods and means of espionage and sabotage, which are used to obtain or destroy information at facilities that do not have a CS, are a source of undesirable influence on information resources. These techniques are just as effective where computer systems are in use. Most often, they are used to obtain data about the protection system in order to penetrate the CS, as well as to steal and destroy information resources.

Traditional espionage and sabotage methods include:

• eavesdropping;

• visual observation;

• theft of documents and machine data carriers;

• theft of programs and attributes of the protection system;

• bribery and blackmail of employees;

• collection and analysis of machine storage media waste;

• arson;

• explosions.

To eavesdrop, the attacker does not have to be on the premises of the facility. With the help of modern means, it is possible to eavesdrop on conversations at a distance of several hundred meters.

For example, an eavesdropping system has been tested that makes it possible to record a conversation in a room with closed windows from a distance of 1 km. The range of such devices is reduced to hundreds and tens of meters in an urban environment, depending on the level of background noise. The principle of operation of these devices is based on the analysis of a laser beam reflected from the glass of the room's windows, which vibrates from sound waves. Vibrations of window glass caused by acoustic waves in the room can also be picked up and transmitted over a distance with the help of special devices mounted on the window glass. These devices convert the mechanical vibrations of the glass into an electrical signal, which is then transmitted over a radio channel.

Ultra-sensitive directional microphones are used for eavesdropping outdoors. The actual eavesdropping distance with directional microphones is 50-100 meters.

Using stethoscope microphones, it is possible to monitor conversations in neighboring rooms and behind the walls of buildings. Stethoscopes convert acoustic vibrations into electrical ones; such microphones make it possible to listen to conversations through walls 0.5-1 m thick. Information is also picked up from glass, metal structures of buildings, and water supply and heating pipes.

Audio information can be obtained through high-frequency imposition. High-frequency imposition is the application of a high-frequency electromagnetic field or electrical signals to elements capable of modulating these fields or signals with electrical or acoustic signals that carry speech information. Such elements can be various cavities with an electrically conductive surface, which form a high-frequency circuit with distributed parameters that change under the action of sound waves.

If the frequency of such a circuit coincides with the frequency of the high-frequency imposition and sound waves act on the surface of the cavity, the circuit re-radiates and modulates the external field (the high-frequency electrical signal). In most cases this method of listening is carried out using a telephone line. The telephone set is used as the modulating element: a high-frequency electrical signal is fed to it through the wires. The non-linear elements of the telephone set modulate the high-frequency signal under the influence of the speech signal. The modulated high-frequency signal can be demodulated at the intruder's receiver.

Listening to conversations conducted using communication means is another potential channel for the leakage of sound information. Control can be carried out both via wired channels and radio channels - such listening does not require huge costs and high qualifications of the attacker.

Remote video reconnaissance is of little use for obtaining information in the CS and, as a rule, plays an auxiliary role. In most cases, video reconnaissance is used to identify operating modes and the location of information protection mechanisms. Information can be intercepted from the CS when posters, screens, and displays are used at the facility, if there are transparent windows and these elements are placed without taking into account the need to prevent such a threat. Video reconnaissance can be carried out using technical means, such as optical instruments and photographic, film and television equipment. Many of these devices can store video information as well as transmit it over certain distances.

Thefts and forgeries. In many cases, the perpetrators are employees of the organization who are aware of the working hours and protection measures. In order to violate static integrity, an attacker (usually a staff member) can:

• Modify data, for example during the creation or receipt of a document;

• Enter false information.

The processing and transmission of information by the technical means of the CS is accompanied by electromagnetic radiation and the induction of electrical signals in communication lines, signaling, grounding and other conductors. Attackers use such electromagnetic radiation and pickups to obtain data or to destroy it. Electromagnetic pulses can erase information on magnetic media. For such destruction from a distance of several tens of meters, a device that fits in a briefcase can be used. Powerful high-frequency electromagnetic radiation can destroy the electronic components of the CS. Unlike PEMIN (spurious electromagnetic emissions and pickups), this threat is relatively easy to implement.

A serious threat to the security of information in the CS is unauthorized modification of the algorithmic, software and technical structure of the system.

2) Malicious programs.

Malicious programs are one of the main threats to information security, owing to the scale of the spread of this phenomenon and the huge damage caused to information systems.

These programs are created in order to destroy, modify, block or copy information without authorization, in order to disrupt the operation of computers or computer networks. To automate the actions of intruders, Trojans, viruses, worms and other tools of this class of programs are used.

Modern malware is an almost imperceptible "enemy" for the average user, which is constantly evolving and improving, inventing new and more sophisticated methods to penetrate computers. The need to fight against malicious programs is due to the risks of violating all components of information security by them.

Malware includes:

- Network worms

- Classic file viruses

- Trojans

- Hacking tools

These programs harm the computer they run on or other computers on the network.

Network worms are programs that spread their copies over local and global networks with the following goals:

• Penetration of remote devices (computers, mobile phones);

• Running a copy of itself on the remote device;

• Subsequent migration to other devices on the network.

Distribution channels for many well-known worms are:

• Link in ICQ and IRC messages to an infected file placed on some FTP or web resource;

• A file in the P2P exchange directory, etc.

Some types of worms can be transmitted as network packets and sneak directly into the computer's memory and activate their code on their own - these worms are called "packet" or "fileless" worms.

Classical computer viruses are programs that spread their copies over the resources of a local computer, while pursuing the following tasks:

• Subsequent launch of its code upon some user action;

• Subsequent infiltration into other computer resources.

Viruses, unlike worms, do not use network services to get into other computers. A copy of the virus reaches another computer only when the infected object is, for some reason, activated on that computer:

- the virus copied itself to removable media or infected files on it;

- when infecting accessible disks, the virus penetrated files located on a network resource;

- the user sent an email with an infected attachment.

3) Unauthorized access.

Unauthorized access (UAS) is the unlawful deliberate capture of confidential information by a person who does not have the right to access this information. UAS is one of the most diverse and widespread methods of influencing the information system, and it makes it possible to cause damage to each of the elements of the information system. It can occur due to an irrational choice of protection tools, errors in the protection system, or incorrect installation and configuration of protection tools.


Channels of unauthorized access are classified by the elements of automated information systems:

1) through the program:

• decryption of encrypted information;

• copying data from media;

• interception of passwords;

2) through the hardware:

• interception of spurious electromagnetic radiation from equipment, communication lines, power supply networks, etc.

• connection of specially designed hardware providing access to information;

3) through a person:

• reading information from the screen or keyboard;

• reading information through printouts;

• theft of information carriers.

5. Methods of risk assessment in the field of information security.

Risk is the probability of some unfavorable event occurring, leading to various losses.

A vulnerability is a weak point in a security system that makes it likely that a threat will materialize.

Risk analysis is a procedure for identifying threats, potential damage, vulnerabilities, and countermeasures.

Basic level of security is a required minimum level of security for information systems.

Basic risk analysis - risk analysis carried out in accordance with the requirements of the basic level of security. Applied risk analysis methods aimed at this level, as a rule, do not take into account the significance of resources and do not evaluate the effectiveness of countermeasures. Methods of this class are used in circumstances where the information system does not have high requirements in the field of information security.

Full risk analysis - risk analysis for information systems that put forward high requirements in the field of information security; contains the determination of the significance of information resources, the assessment of vulnerabilities and threats, the definition of countermeasures, and the assessment of their effectiveness.

Information security risk is the possibility that an existing threat can take advantage of a vulnerability in an asset or groups of assets and harm the organization.

Quantitative risk assessment - the procedure for assigning values of the probability and consequences of risk (GOST R ISO/IEC 27005-2010, "Information technology. Methods and means of ensuring security. Information security risk management").

Risk management is the procedure for assigning countermeasures in accordance with risk assessment.

The IS management system is a set of measures aimed at ensuring the IS regime at all stages of the information system (IS) life cycle.

Resources (assets) - objects that are important to the organization and that affect the continuity of activities. All resources must be identified and accounted for, and resource owners must also be identified.

Activities organized to prevent IS risks should support:

• risk recognition;

• risk assessment based on the consequences of their implementation for the business and the possibility of their occurrence;

• awareness and communication about the likelihood and consequences of risks;

• prioritization of risk treatment;

• setting priorities for measures to reduce existing risks;

• involving stakeholders in decision-making about risk management and keeping them informed about the state of risk management;

• monitoring of the effectiveness of risk treatment;

• conducting regular monitoring and review of the risk management process;

• collecting information to improve risk management;

• training of personnel on risks and the necessary actions to reduce them.
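The difference between basic and full risk analysis described in this section, shown as an added Python example that is not part of the original article. The scoring model (significance × likelihood × vulnerability, reduced by countermeasure effectiveness), the baseline control set and all sample values are assumptions made for illustration.

```python
# Added illustration of basic vs. full risk analysis (section 5).
# Assets, scores and the baseline control set are constructed sample data.
from dataclasses import dataclass

BASELINE = {"backup", "antivirus", "access_control"}  # assumed minimum control set


@dataclass
class Scenario:
    asset: str
    significance: int     # value of the resource, 1 (low) .. 5 (critical)
    threat: str
    likelihood: float     # probability that the threat occurs, 0..1
    vulnerability: float  # chance the threat succeeds via the weak point, 0..1
    controls: dict        # countermeasure -> effectiveness against this threat, 0..1


def basic_analysis(s):
    """Basic level: report missing baseline controls; asset significance
    and countermeasure effectiveness are deliberately ignored."""
    return sorted(BASELINE - set(s.controls))


def inherent_risk(s):
    """Assumed model: significance x likelihood x vulnerability."""
    return s.significance * s.likelihood * s.vulnerability


def residual_risk(s):
    """Risk remaining after countermeasures (effects combine multiplicatively)."""
    remaining = 1.0
    for effectiveness in s.controls.values():
        if not 0.0 <= effectiveness <= 1.0:
            raise ValueError(f"effectiveness out of range: {effectiveness}")
        remaining *= 1.0 - effectiveness
    return inherent_risk(s) * remaining


def full_analysis(scenarios):
    """Full level: rank scenarios by residual risk, highest first."""
    rows = [(s.asset, s.threat, round(inherent_risk(s), 3),
             round(residual_risk(s), 3)) for s in scenarios]
    return sorted(rows, key=lambda row: row[3], reverse=True)


SCENARIOS = [
    Scenario("file server", 3, "power outage", 0.8, 0.9, {"backup": 0.8}),
    Scenario("customer database", 5, "unauthorized access", 0.6, 0.5,
             {"access_control": 0.6, "backup": 0.0, "antivirus": 0.0}),
    Scenario("workstations", 2, "network worm", 0.6, 0.7,
             {"antivirus": 0.8, "backup": 0.0, "access_control": 0.0}),
]

if __name__ == "__main__":
    for s in SCENARIOS:
        print(s.asset, "- missing baseline controls:", basic_analysis(s))
    for row in full_analysis(SCENARIOS):
        print(row)
```

In this sample the customer database passes the baseline check yet has the highest residual risk, which is the gap between the two levels of analysis.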
