
Research into the problems of ensuring information security and the methods of preventing violations in this area has highlighted the need for a deeper understanding of information conflicts, which often lead to more serious consequences than simply fixing an obvious conflict and waiting for it to fade or develop into an offense.

“Conflict, translated from Latin,” says Professor T. A. Polyakova, “is a clash of opposing goals, interests, positions, opinions or views of opponents or subjects of interaction.” Such contradictions in the construction of the information society are inevitable, diverse and comprehensive.

Considering conflicts as a form of contradiction objectified in the relations between subjects, we drew attention to the fact that conflicts arise both in the social sphere and in the information system and information infrastructure. They can be negative in relation to the problems society is solving, or positive, pushing responsible subjects to search for new or more advanced solutions. A conflict can act as a motive for an offense if it is not taken into account once identified. Most often, conflicts manifest themselves in the legislation itself, due to its weak consistency and the insufficiently thorough preparation of draft regulations, as well as omissions in law enforcement and in the execution of legislative acts.

Conflicts in the field of lawmaking are very significant where cultural diversity and historical factors are ignored in the implementation of established rights, and where there is a lack of understanding of the balance and consistency of actions in the relations between state authorities and local governments, legal entities and citizens. Conflicts also arise from non-compliance with the rules for working with information technologies and information resources, and from failure to comply with requirements for communication systems. Methods for resolving conflicts differ and depend on the causes and the area of their occurrence. They can be settled administratively, officially, or through peaceful interaction between the parties, but they can also be brought to judicial review. In any case, the presence of a conflict, identified and recorded, is a condition for preventing more serious situations. We can say that behind each form of violation of information security rules lie identified or undetected conflicts of an objective or subjective nature. In this regard, in 2008 a theoretical seminar was held at the IGP RAS on the topic “Conflicts in the Information Sphere”, the materials of which were published in a collection of articles and speeches of its participants under the same name.

Not all types of conflicts develop into offenses, or even less into crimes.

Taking into account the significance of conflict in the area of social relations under consideration, it is important to formulate the concept of a legally significant conflict in the information environment (sphere) as follows. A legally significant conflict is the creation of a situation of instability in the implementation of the legitimate rights and interests of citizens, the state, society and individual organizations in their information environment; that is, a situation that reduces the level of security, including one leading to threats, risks and destruction in the information infrastructure itself or in the field of the rights of the subjects participating in information relations and processes. This was covered in the previous chapters of the textbook, as well as in the works of S. I. Semiletov. Let us note that conflicts undermine the importance of information in the process of developing an informational, civil, democratic, social, sustainable, legal and humane society.

Information (computer) security threats are various actions that can lead to information security violations. In other words, these are potential events/processes or actions that could cause damage to information and computer systems.

Information security threats can be divided into two types: natural and man-made. Natural threats are natural phenomena that do not depend on humans, for example hurricanes, floods, fires, etc. Man-made threats depend directly on people and can be intentional or unintentional. Unintentional threats arise from carelessness, inattention and ignorance. An example is the installation of programs that are not required for work, which subsequently disrupt the operation of the system and lead to the loss of information. Intentional threats, unlike the previous ones, are created on purpose. These include attacks by attackers both from outside and from inside the company. The result of this type of threat is huge losses of money and intellectual property for the company.

Classification of information security threats

Depending on various methods of classification, all possible threats to information security can be divided into the following main subgroups:

Objectionable content includes not only malware, riskware and spam, which are specifically designed to destroy or steal information, but also sites prohibited by law and inappropriate sites containing information unsuitable for the consumer's age.

Source: EY international information security study “The Path to Cyber ​​Resilience: Forecast, Resistance, Response,” 2016

Unauthorized access is the viewing of information by an employee who does not have permission to use it, through a violation of official authority. Unauthorized access leads to information leakage. Depending on what information is involved and where it is stored, leaks can be organized in different ways, namely through attacks on websites, hacking of programs, interception of data on the network, and the use of unauthorized programs.

An information leak, depending on its cause, can be intentional or accidental. Accidental leaks occur due to hardware, software and human errors. Intentional leaks, unlike accidental ones, are organized deliberately, with the goal of gaining access to data and causing damage.

Data loss can be considered one of the main threats to information security. Violation of the integrity of information can be caused by equipment malfunction or intentional actions of users, whether they are employees or attackers.

An equally dangerous threat is fraud (fraud using information technologies). Fraud includes not only manipulations with credit cards (carding) and online banking hacking, but also internal fraud. The purpose of these economic crimes is to circumvent legislation, policies and company regulations, and to misappropriate property.

Every year, the terrorist threat increases throughout the world, gradually moving into the virtual space. Today, no one is surprised by the possibility of attacks on the industrial control systems of various enterprises. But such attacks are not carried out without preliminary reconnaissance, which is why cyber espionage is used to collect the necessary data. There is also information warfare, which differs from conventional war only in that carefully prepared information serves as the weapon.

Source of information security threats

An information security breach can be caused either by the planned actions of an attacker or by the inexperience of an employee. The user must have at least some understanding of information security and malicious software, so as not to cause damage to the company and himself through his actions.

To break through protection and gain access to the necessary information, attackers use weaknesses and errors in software, web applications, errors in firewall configurations, access rights, and resort to eavesdropping on communication channels and using keyloggers.

The loss of information can be caused not only by external attacks by intruders and carelessness of employees, but also by company employees who are interested in making a profit in exchange for valuable data from the organization in which they work or worked.

The sources of threats are cybercriminal groups and government intelligence services (cyber units), which use the entire arsenal of available cyber tools:

  • objectionable content;
  • unauthorized access;
  • information leaks;
  • data loss;
  • fraud;
  • cyber warfare and cyber terrorism.

What will be used to attack depends on the type of information, its location, how it is accessed and the level of protection. If the attack is designed to exploit the inexperience of the victim, spam mailings may be used.

Information security threats must be assessed comprehensively, and assessment methods will vary in each specific case. For example, to prevent data loss due to equipment malfunction, you need to use high-quality components, carry out regular maintenance, and install voltage stabilizers. Next, you should install and regularly update the software. Special attention should be paid to security software, the databases of which must be updated daily:

  • protection against unwanted content (antivirus, antispam, web filters, anti-spyware);
  • firewalls and intrusion detection and prevention systems (IDS/IPS);
  • web application protection;
  • anti-DDoS;
  • source code analysis;
  • anti-fraud;
  • protection against targeted attacks;
  • user and entity behavior analytics (UEBA) systems for detecting abnormal user behavior;
  • protection of automated process control systems (ICS);
  • data leak protection (DLP);
  • encryption;
  • mobile device protection;
  • backup;
  • fault tolerance systems.

Training company employees in the basic concepts of information security and in the principles by which various malware operates will help avoid accidental data leaks and the accidental installation of potentially dangerous programs on work computers. Backups should also be made as a precaution against loss of information. DLP systems should be used to monitor the activities of employees at their workplaces and to be able to detect an intruder.

Specialized programs developed on the basis of modern technologies will help organize information security. An example of such technologies for preventing confidential data leaks is DLP systems. And in the fight against fraud, you should use anti-fraud systems that provide the ability to monitor, detect and manage the level of fraud.
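The DLP systems mentioned above work by inspecting content before it leaves the controlled area. The following is an added example, not code from the textbook or from any DLP product: a minimal content inspector that flags likely payment-card numbers (validated with the Luhn check so that arbitrary digit runs such as order or tracking numbers do not trigger it) and a constructed classification label. The messages, the label `CONFIDENTIAL` and the message identifiers are all constructed for the example.

```python
"""Minimal DLP-style content inspector (added example, not from the textbook).

Scans outgoing messages for likely payment-card numbers and for a
constructed confidentiality marker, the way a DLP gateway inspects
e-mail or file transfers before they leave the controlled area.
"""
import re
from dataclasses import dataclass

# Candidate runs of 13-19 digits, allowing a space or dash between digits.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Constructed classification label of a hypothetical organisation.
CONFIDENTIAL_MARKER = re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    message_id: str
    kind: str
    evidence: str


def inspect_message(message_id: str, body: str) -> list:
    """Return the DLP findings for one outgoing message body."""
    findings = []
    for m in CARD_CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            # Mask all but the last four digits so the DLP log itself does
            # not become a leakage channel.
            masked = "*" * (len(digits) - 4) + digits[-4:]
            findings.append(Finding(message_id, "card_number", masked))
    if CONFIDENTIAL_MARKER.search(body):
        findings.append(Finding(message_id, "confidential_marker", "CONFIDENTIAL"))
    return findings


def decide(findings: list) -> str:
    """Policy decision for the gateway: block if anything was found."""
    return "BLOCK" if findings else "ALLOW"


# Constructed sample traffic. 4111 1111 1111 1111 is a well-known Luhn-valid
# test number; the variant ending in 2 fails the check.
SAMPLE_MESSAGES = {
    "msg-1": "Hi, the invoice total is 1200 RUB, call me at +7 495 123-45-67.",
    "msg-2": "Card for the booking: 4111 1111 1111 1111, exp 12/27.",
    "msg-3": "Reference 4111 1111 1111 1112 is a tracking code, not a card.",
    "msg-4": "CONFIDENTIAL: draft merger terms attached.",
}


def scan_all(messages: dict) -> dict:
    """Map each message id to the gateway decision."""
    return {mid: decide(inspect_message(mid, body)) for mid, body in messages.items()}


if __name__ == "__main__":
    for mid, verdict in scan_all(SAMPLE_MESSAGES).items():
        print(mid, verdict, [f.kind + ":" + f.evidence for f in inspect_message(mid, SAMPLE_MESSAGES[mid])])
```

The check-digit validation is what keeps the false-positive rate tolerable: a pure digit-run pattern would block the tracking code in the third message as well. Real products add many more detectors (document fingerprints, regulated identifiers, OCR on images), but the inspect-then-decide structure is the same.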

One of the features of ensuring information security in information systems is that abstract concepts such as “access subject”, “information”, etc. are mapped onto physical representations in the computing environment:

  • the concept “access subject” is represented by active programs and processes;
  • the concept “information” is represented by machine information media: the external devices of computer systems (terminals, printing devices, various storage devices, lines and communication channels), volumes, sections and subsections of volumes, files, records, record fields, RAM, etc.

Information security of an IS is the state of the information system under consideration in which it:

  • on the one hand, is able to withstand the destabilizing effects of external and internal information threats, and
  • on the other hand, by its presence and operation does not create information threats to the elements of the system itself or to the external environment.

IS security is protection from accidental or intentional interference in the normal process of its functioning, as well as from attempts to steal, change or destroy its components.

An IS security threat is a possible impact on the IS that can directly or indirectly damage its security.

Security damage is a violation of the security status of the information contained and processed in the information system, typically through unauthorized access to the objects of the information system.

An IS vulnerability is a characteristic or property of the IS whose use by an intruder can lead to the implementation of a threat.

An attack on a computer system is an action taken by an attacker that consists of searching for and exploiting a particular system vulnerability.

Unauthorized access to information is the most common type of computer violation. It consists of a user gaining access to an object for which there is no permission under the organization's security policy.

Countering security threats is the goal of protecting information processing systems.

Thus, an attack is the implementation of a security threat.

3. Analysis of information security threats

A threat is usually identified either with the nature (type, method) of a destabilizing impact on information or with the consequences (results) of such an impact. However, such terms can have many interpretations. Another approach to defining a threat to information security is possible, based on the general concept of a “threat”.

According to Ozhegov's “Dictionary of the Russian Language”, a threat “is the intention to cause physical, material or other harm to public or personal interests, a possible danger”.

A threat (in general) is usually understood as a potentially possible event, action (impact), process or phenomenon that could lead to damage to someone's interests.

In other words, the concept of a threat is strictly connected with the legal category of “damage”, which the Civil Code defines as “actual expenses incurred by the subject as a result of a violation of his rights (for example, disclosure or use by the violator of confidential information), loss or damage to property, and expenses which he will have to incur to restore the violated right and the value of damaged or lost property”.

Threats to the information security of an IS are:

1) the possibility of an impact on information processed in the IS, leading to distortion, destruction, copying or blocking of access to information;

2) the possibility of an impact on IS components, leading to loss, destruction or malfunction of the storage medium, the means of interaction with the medium or the means of its control.

Currently, a fairly extensive list of threats to the information security of an IS, numbering hundreds of items, is under consideration. The most typical and frequently realized threats to the information security of information systems are:

  • unauthorized copying of storage media;
  • careless actions leading to the disclosure of confidential information or making it publicly available;
  • ignoring organizational restrictions (established rules) when determining the rank of the system.

The basis for analyzing the risk of threats being realized, and for formulating requirements for the IS protection system being developed, is the analysis of the negative consequences of threats, which requires identifying:

  • the list of possible threats to information security;
  • estimates of the probability of their realization;
  • the intruder model.

In addition to identifying possible threats, an analysis of these threats should be carried out based on their classification according to a number of characteristics.

Each of classification features reflects one of the general requirements for the protection system. At the same time, threats corresponding to each classification characteristic allow us to detail the requirement reflected by this characteristic.

The need to classify threats to the information security of an IS arises because the architecture of modern automated information processing systems, the organizational, structural and functional construction of information and computing systems and networks, and the technologies and conditions of automated information processing are such that the accumulated, stored and processed information is subject to random influences from an extremely large number of factors. Because of this, it is impossible to formalize the task of describing the complete set of threats.

Consequently, for the protected system one determines not a complete list of threats but a list of threat classes.

End user devices, as a rule, are quite successfully protected by antivirus programs and software (personal) firewalls. Computer networks as a whole are more difficult to protect; software alone is not enough here. The solution to the security problem of computer networks is the installation of hardware and software firewalls at the network border.

The main tasks of firewalls include protecting computers from intruders from an external network and from the consequences of such an intrusion: leakage or modification of information. By installing a firewall with the required configuration on the border with an external network, you can be sure that your computer will be “invisible” from the outside (unless the administration policy provides access to it). Modern firewalls operate on the principle of “everything that is not permitted is prohibited”, that is, you decide for yourself which protocol or program to allow access to the internal network.
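The “everything that is not permitted is prohibited” principle is a default-deny policy: a packet passes only if an explicit rule accepts it, and anything no rule describes is dropped. The following is an added example, not code from the course or from any D-Link product: a small first-match rule evaluator that models a border policy and contrasts the default-deny posture with the weaker default-allow one. The network 192.0.2.0/24, the hosts and the rule set are constructed for the example.

```python
"""Default-deny packet filter model (added example, not from the course).

A packet is allowed only if an explicit rule matches it; otherwise the
default policy applies. Addresses, ports and rules below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str             # "accept" or "drop"
    src: str                # CIDR
    dst: str                # CIDR
    proto: Optional[str]    # None = any protocol
    dport: Optional[int]    # None = any port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class Firewall:
    def __init__(self, rules, default_policy: str = "drop"):
        self.rules = list(rules)
        self.default_policy = default_policy

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        """Return (action, reason); the first matching rule wins."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, rule.comment
        return self.default_policy, "default policy"


# Constructed border policy: internal network 192.0.2.0/24 exposes only a
# web server at 192.0.2.10 over HTTPS and may initiate outbound traffic.
BORDER_RULES = [
    Rule("accept", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443, "public HTTPS"),
    Rule("drop", "0.0.0.0/0", "192.0.2.10/32", "tcp", 22, "explicit: no SSH from outside"),
    Rule("accept", "192.0.2.0/24", "0.0.0.0/0", None, None, "outbound from LAN"),
]

DEFAULT_DENY = Firewall(BORDER_RULES, default_policy="drop")
DEFAULT_ALLOW = Firewall(BORDER_RULES, default_policy="accept")  # weaker posture, for contrast


def compare_policies(pkt: Packet) -> Tuple[str, str]:
    """Return (default-deny action, default-allow action) for the same packet."""
    return DEFAULT_DENY.evaluate(pkt)[0], DEFAULT_ALLOW.evaluate(pkt)[0]


# Constructed traffic: the third packet targets a service no rule mentions.
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "192.0.2.10", "tcp", 443),    # web visitor
    Packet("203.0.113.7", "192.0.2.10", "tcp", 22),     # SSH attempt at the web server
    Packet("203.0.113.7", "192.0.2.20", "tcp", 3389),   # RDP at an internal workstation
    Packet("192.0.2.20", "198.51.100.5", "udp", 53),    # internal host resolving DNS
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "default-deny/default-allow:", compare_policies(pkt))
```

Only the third packet shows a difference between the two postures: the administrator never wrote a rule about RDP on workstations, and under default-deny that omission is safe, while under default-allow it silently exposes the service. This is why the principle matters more than the exact rule list.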

In addition to its network security functions, a firewall allows network applications to function normally.

Undoubtedly, a firewall is not a panacea for all the ills of the computer world. The “human factor” must always be taken into account, since it is a person who can unknowingly (and sometimes purposefully) harm an information system by performing actions that violate the security policy. This could be an information leak through connected external media, the establishment of an additional unprotected Internet connection, deliberate modification of information by an authorized user, etc.

This book proposes for consideration the conditions and prerequisites for the emergence of threats when storing information and transmitting it over networks and communication systems, methods for preventing threats, protecting and ensuring the security of information in general, as well as technologies and methods that make it possible to ensure the operation and security of networks, using the example of D-Link firewalls and Internet routers.

Notations used in the course

The course uses the following icons to indicate network devices and connections:

Terms and definitions in the field of information security

First of all, it is necessary to define the basic concepts and terms related to information security.

In a broad sense, an information system is a set of technical, software and organizational support, as well as personnel, designed to provide system users with the necessary information in a timely manner.

Information security – protection of the confidentiality, integrity and availability of information.

  • Confidentiality: access to information resources only to authorized users.
  • Integrity: the immutability of information during its transmission or storage.
  • Availability: the property of information resources that determines the possibility of authorized users obtaining and using information at any given time.

Information security – the state of protection of stored information from negative influences.

Network security – a set of requirements for the infrastructure of an enterprise computer network and the policies for working in it, the implementation of which ensures the protection of network resources from unauthorized access.

Network security is generally understood as the protection of an object's information infrastructure (using authentication, authorization, firewalls, IDS/IPS intrusion detection systems and other methods) from intrusions by outside attackers, as well as protection from accidental errors (using DLP technologies) or intentional actions of personnel with access to information within the enterprise itself. DLP (Data Leak Prevention) is a modern technology for protecting confidential information from possible leaks from an information system using software or hardware. Leakage channels can be network (for example, e-mail) or local (using external drives).

Authentication – a procedure for verifying a user's identification data (most often, login and password) when accessing an information system.

Authorization – granting a specific user the rights to perform certain actions. Authorization occurs after authentication and uses the user's ID to determine what resources he has access to. In information technologies, authorization is how access rights to resources and data processing systems are established and enforced.
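The two definitions above describe a strict ordering: first the system verifies who the user is, then it decides, from that verified identity, what the user may do. The following is an added example, not code from the course: a small access check in which authentication (salted PBKDF2 password verification with a constant-time comparison) produces a principal, and authorization consults the principal's roles and nothing else. The users, passwords, roles and permission names are constructed for the example.

```python
"""Authentication followed by authorization (added example, not from the course).

authenticate() verifies credentials and yields a Principal; authorize() decides
what that Principal may do. Users, roles and permissions are constructed.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Optional

ITERATIONS = 100_000


def make_password_record(password: str) -> dict:
    """Store only a salted PBKDF2 hash, never the plaintext password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "iterations": ITERATIONS}


def verify_password(record: dict, password: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], record["iterations"])
    # Constant-time comparison: the result does not leak how many bytes matched.
    return hmac.compare_digest(digest, record["hash"])


# Constructed user store and role-to-permission mapping.
USERS = {
    "alice": {"pw": make_password_record("correct horse"), "roles": {"accounting"}},
    "bob": {"pw": make_password_record("hunter2"), "roles": {"viewer"}},
}
PERMISSIONS = {
    "accounting": {"invoice:read", "invoice:approve"},
    "viewer": {"invoice:read"},
}
# Used for unknown logins so that a failed lookup costs the same time as a
# failed password, which avoids revealing which logins exist.
DUMMY_RECORD = make_password_record(secrets.token_hex(16))


@dataclass(frozen=True)
class Principal:
    user_id: str
    roles: frozenset


def authenticate(login: str, password: str) -> Optional[Principal]:
    """Return a Principal for valid credentials, otherwise None."""
    user = USERS.get(login)
    if user is None:
        verify_password(DUMMY_RECORD, password)
        return None
    if not verify_password(user["pw"], password):
        return None
    return Principal(login, frozenset(user["roles"]))


def authorize(principal: Optional[Principal], action: str) -> bool:
    """Decide from the verified identity only; no principal means no rights."""
    if principal is None:
        return False
    return any(action in PERMISSIONS.get(role, set()) for role in principal.roles)


def access(login: str, password: str, action: str) -> str:
    """Full request path: authenticate first, authorize second."""
    principal = authenticate(login, password)
    if principal is None:
        return "401 unauthenticated"
    if not authorize(principal, action):
        return "403 forbidden"
    return "200 ok"


if __name__ == "__main__":
    print(access("alice", "correct horse", "invoice:approve"))
    print(access("bob", "hunter2", "invoice:approve"))
    print(access("bob", "wrong password", "invoice:read"))
```

Keeping the two steps separate is what makes a 401 (we do not know who you are) distinguishable from a 403 (we know who you are and the answer is no), and it prevents the common defect of granting rights based on a login name that was never actually verified.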

Authenticity in the transmission and processing of data – the integrity of information, the genuineness of the fact that the data was created by legitimate participants in the information process, and the impossibility of disclaiming authorship.

Data protection is an activity aimed at preventing leakage of protected information, unauthorized and unintentional (accidental) impacts on protected information.

Possible targets in information systems:

  • Hardware;
  • software;
  • communications (ensuring data transmission and processing through communication channels and switching equipment);
  • staff.

The objects of influence for the purpose of violating the confidentiality, integrity or availability of information can be not only the elements of the information system, but also the infrastructure supporting it, which includes utility networks (electricity, heat supply, air conditioning systems, etc.). In addition, attention should be paid to the territorial placement of technical means, which should be located in a protected area. It is recommended to install wireless equipment so that the coverage area of the wireless network does not extend beyond the controlled area.

Given the wide range of threats, information protection requires a comprehensive approach.

Controlled area – a protected space (territory, building, office, etc.) within which the communication equipment and all local peripheral connection points of the enterprise information network are located.

Access control rules– a set of rules governing user access rights to information system resources.

Authorized access to information does not violate the rules of access control.

Unauthorized access (unauthorized actions) – access to information, or actions with information, carried out in violation of the established rights and/or rules for restricting access to information.

General classification of information security threats

Security threats to information systems are classified according to several criteria (Fig. 1.1).

Confidentiality threats are aimed at obtaining (stealing) confidential information. When these threats are realized, information becomes known to people who should not have access to it. Unauthorized access to information stored in an information system or transmitted through data transmission channels (networks), and copying of this information, is a violation of the confidentiality of information.

Threats to the integrity of information stored in an information system or transmitted via data networks are aimed at changing or distorting data, leading to a loss of quality or the complete destruction of information. The integrity of information can be violated intentionally by an attacker, as well as by objective influences from the environment surrounding the system (interference). This threat is especially relevant for information transmission systems: computer networks and telecommunications systems. Intentional violations of the integrity of information should not be confused with its authorized modification, which is carried out by authorized users for a valid purpose.

Threats to system availability (denial of service) are aimed at creating situations in which certain actions either reduce the performance of an information system or block access to some of its resources.

Causes of random influences:

  • emergency situations due to natural disasters and power outages;
  • software errors;
  • errors in the work of maintenance personnel and users;
  • interference in the communication line due to the influence of the external environment, as well as due to dense traffic in the system (typical of wireless solutions).

Intentional influences are associated with the targeted actions of an attacker, who can be any interested party (competitor, visitor, staff, etc.). The attacker's actions can be due to various motives: an employee's dissatisfaction with his career, material interest, curiosity, competition, the desire to assert himself at any cost, etc.

Insider threats are initiated by the personnel of the facility where the system containing confidential information is installed. The causes of such threats may be an unhealthy climate in the team or the dissatisfaction of some employees with their work, who may take actions to provide information to persons interested in receiving it.

There is also the so-called “human factor”, when a person unintentionally, by mistake, commits actions leading to the disclosure of confidential information or disruption of the availability of an information system. An attacker (competitor) can obtain a large share of confidential information if the employees using computer networks do not comply with basic information security rules. This can manifest itself, for example, in primitive passwords, or in a user keeping a complex password on paper in a visible place or writing it down in a text file on a hard drive, etc. Leakage of confidential information can also occur when unsecured communication channels are used, for example a telephone connection.

External security threats are threats created by third parties and emanating from the external environment, such as:

  • attacks from an external network (for example, the Internet) aimed at distorting, destroying, stealing information or leading to denial of service to enterprise information systems;
  • distribution of malicious software;
  • unwanted mailings (spam);
  • influence on information carried out by using a source of electromagnetic field to induce electromagnetic energy in information systems at a level that causes disruption of the normal functioning (failure of operation) of the hardware and software of these systems;
  • interception of information using radio receivers;
  • impact on information through unauthorized use of utility networks;
  • influencing enterprise personnel in order to obtain confidential information.

In the modern world, when it has become possible to use services using the information communication environment (electronic payments, online stores, electronic queues, etc.), the risk of external threats increases many times over.

As a rule, unauthorized access, interception, theft of information transmitted via communication channels is carried out by means of technical intelligence, such as radio receivers, means of retrieving acoustic information, systems for intercepting signals from computer networks and monitoring telecommunications, means of retrieving information from communication cables, and others.

Classification of threat sources

Classification of information security threats

Topic 2 - Information security threats

The concepts of a threat to a security object and of object vulnerability were introduced earlier. To fully represent the interaction between a threat and the protected object, we introduce the concepts of the source of the threat and of the attack.

Security threat to an object – a possible impact on the object that may directly or indirectly damage its security.

Source of threat – potential anthropogenic, man-made or natural sources of security threats.

Object vulnerability – the causes inherent in the object that lead to a violation of the security of information at the object.

Attack – the possible consequences of a threat when the source of the threat acts through existing vulnerabilities. An attack is always a “source–vulnerability” pair that realizes a threat and leads to damage.

Figure 2.1

Suppose a student goes to school every day and crosses the roadway in the wrong place. One day he is hit by a car, which causes him damage: he becomes unable to work and cannot attend classes. Let us analyze this situation. The consequences in this case are the losses the student suffered as a result of the accident. The threat is the car that hit the student. The vulnerability was that the student crossed the roadway in an unspecified location. And the source of the threat in this situation was that certain force that did not allow the driver to avoid hitting the student.

With information it is not much more complicated. There are not so many threats to information security. A threat, as follows from the definition, is the danger of causing damage; that is, the definition shows a strict connection between technical problems and the legal category of “damage”.

Manifestations of possible damage may vary:

  • moral and material damage to the business reputation of the organization;
  • moral, physical or material damage associated with the disclosure of personal data of individuals;
  • material (financial) damage from disclosure of protected (confidential) information;
  • material (financial) damage from the need to restore damaged protected information resources;
  • material damage (losses) from the inability to fulfill assumed obligations to a third party;
  • moral and material damage from disruption of the organization's activities;
  • material and moral damage from violation of international relations.

Threats to information security are violations in ensuring:

1. Confidentiality;

2. Availability;

3. Integrity.

Confidentiality of information – the property of information to be known only to its authenticated legitimate owners or users.

Confidentiality violations:

  • theft (copying) of information and of the means of processing it;
  • loss (unintentional loss, leakage) of information and of the means of processing it.

Availability of information – the property of information to be accessible to its authenticated legitimate owners or users.

Availability violations:

  • blocking of information;
  • destruction of information and of the means of processing it.

Information integrity – the property of information to remain unchanged in the semantic sense when exposed to accidental or intentional distortions or destructive influences.

Integrity violations:

  • modification (distortion) of information;
  • denial of the authenticity of information;
  • imposition of false information.
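The integrity threats listed here, and the integrity and authenticity definitions earlier in the text, are usually countered on a data channel with a keyed message authentication code: a receiver who shares a secret key with the sender recomputes the tag and rejects anything that was modified or injected by a party without the key. The following is an added example, not code from the course: an HMAC-SHA256 envelope over a constructed payment record, with the two failure modes (modification in transit, and a message fabricated with a different key) shown as test cases. Note the limit of this technique, which is relevant to the third violation: because both parties hold the same key, an HMAC proves origin only to the receiver and cannot stop the sender from later denying authorship; non-repudiation needs a digital signature, which is outside this example.

```python
"""Integrity and origin check with HMAC (added example, not from the course).

The shared key, the record and the attacker's actions are constructed.
"""
import hashlib
import hmac
import json
import os


def canonical(record: dict) -> bytes:
    """Serialize deterministically so both sides tag identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def protect(key: bytes, record: dict) -> dict:
    """Sender: attach an HMAC-SHA256 tag to the canonical payload."""
    payload = canonical(record)
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def verify(key: bytes, envelope: dict) -> bool:
    """Receiver: recompute and compare in constant time."""
    expected = hmac.new(key, envelope["payload"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


def tamper_amount(envelope: dict, new_amount: int) -> dict:
    """Models an attacker on the channel who edits the data but has no key,
    so the original tag is left in place."""
    record = json.loads(envelope["payload"])
    record["amount"] = new_amount
    return {"payload": canonical(record).decode(), "tag": envelope["tag"]}


def forge(record: dict, attacker_key: bytes) -> dict:
    """Models an attacker imposing a fabricated record tagged with his own key."""
    return protect(attacker_key, record)


def demo() -> dict:
    """Run the genuine, modified and forged cases through the receiver."""
    key = os.urandom(32)                    # shared between sender and receiver
    record = {"from": "ACC-1001", "to": "ACC-2002", "amount": 150}   # constructed
    envelope = protect(key, record)
    tampered = tamper_amount(envelope, 150_000)
    forged = forge({"from": "ACC-1001", "to": "ACC-9999", "amount": 150}, os.urandom(32))
    return {
        "genuine": verify(key, envelope),
        "tampered": verify(key, tampered),
        "forged": verify(key, forged),
        "tampered_amount_seen_on_wire": json.loads(tampered["payload"])["amount"],
    }


if __name__ == "__main__":
    print(demo())
```

Two practical details carry most of the weight: canonical serialization (otherwise a harmless re-ordering of JSON keys would look like tampering), and `hmac.compare_digest` rather than `==`, so that the comparison time does not leak how much of a guessed tag was correct.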

The carriers of information security threats are the sources of threats. Both subjects (persons) and objective phenomena can act as sources of threats. Moreover, sources of threats can be located inside the protected organization (internal sources) or outside it (external sources).

All sources of information security threats can be divided into three main groups:

1. Caused by the actions of a subject (anthropogenic sources of threats).

2. Caused by technical means (man-made sources of threats).

3. Caused by natural sources.

Anthropogenic sources of threats to information security are subjects whose actions can be classified as intentional or accidental offenses. Only in this case can we talk about causing damage. This group is the most extensive and of the greatest interest from the point of view of organizing protection, since the actions of a subject can always be assessed and predicted, and adequate measures taken. Methods of counteraction in this case are manageable and depend directly on the will of those organizing information security.

An anthropogenic source of threats can be any subject who has access (authorized or unauthorized) to work with the standard means of the protected object. Subjects (sources) whose actions may lead to a violation of information security can be both external and internal. External sources may act accidentally or deliberately and have varying levels of expertise.

Internal subjects (sources), as a rule, are highly qualified specialists in the development and operation of software and hardware; they are familiar with the specifics of the tasks being solved and with the structure, basic functions and principles of operation of the software and hardware information security tools, and they have the ability to use the standard equipment and technical means of the network.

It is also necessary to take into account that a special group of internal anthropogenic sources consists of persons with mental disorders and specially planted or recruited agents, who may be drawn from the main, auxiliary and technical personnel, as well as from representatives of the information security service. This group is considered part of the sources of threats listed above, but the methods of countering threats from this group may differ.

The second group contains sources of threats determined by technocratic human activity and the development of civilization. The consequences of such activity, however, are beyond human control and exist on their own. This class of sources of threats to information security is especially relevant today, since experts expect a sharp increase in the number of man-made disasters caused by the physical and moral obsolescence of the equipment in use, as well as by the lack of material resources to replace it. Technical means that are sources of potential threats to information security can also be external or internal.

The third group of threat sources is united by circumstances constituting force majeure, that is, circumstances that are objective and absolute in nature and apply to everyone. Force majeure in legislation and contractual practice includes natural disasters and other circumstances that cannot be foreseen or prevented, or can be foreseen but cannot be prevented at the current level of human knowledge and capability. Such sources of threats are completely unpredictable, and therefore measures to protect against them must always be applied.

Natural sources of potential threats to information security are, as a rule, external to the protected object and are understood primarily as natural disasters.

The classification and list of threat sources are given in Table 2.1.

Table 2.1 - Classification and list of sources of information security threats

Anthropogenic sources
  External:
    Criminal structures
    Potential criminals and hackers
    Unfair partners
    Technical staff of telecommunications service providers
    Representatives of supervisory organizations and emergency services
    Representatives of law enforcement agencies
  Internal:
    Key personnel (users, programmers, developers)
    Information security representatives (administrators)
    Support staff (cleaners, security)
    Technical personnel (life support, operation)

Technogenic sources
  External:
    Means of communication
    Utility networks (water supply, sewerage)
    Transport
  Internal:
    Poor-quality technical means of information processing
    Poor-quality information processing software
    Auxiliary equipment (security, alarm, telephony)
    Other technical means used in the institution

Natural sources
  External:
    Fires
    Earthquakes
    Floods
    Hurricanes
    Magnetic storms
    Radioactive radiation
    Various contingencies
    Unexplained phenomena
    Other force majeure circumstances

All threat sources have a varying degree of danger, denoted K_threat, which can be quantified by ranking them. The degree of danger is assessed using indirect indicators.

The following can be selected as comparison criteria (indicators):

Source capability (K1) - determines the degree to which the source can reach and exploit the vulnerability, for anthropogenic sources; the distance from the vulnerability, for man-made sources; or the features of the situation, for random sources;

Source readiness (K2) - determines the degree of qualification and the attractiveness of committing the act, for anthropogenic sources, or the presence of the necessary conditions, for man-made and natural sources;

Fatality (K3) - determines the degree of unavoidability of the consequences of the threat.

Each indicator is assessed by an expert-analytical method using a five-point scale, where 1 corresponds to the minimum degree of influence of the assessed indicator on the danger of the source and 5 to the maximum.

The coefficient K_threat for a particular source can be defined as the ratio of the product of the above indicators to its maximum value (125 = 5 × 5 × 5):

K_threat = (K1 × K2 × K3) / 125

Threats, as possible dangers of some action directed against the object of protection, do not manifest themselves on their own, but only through vulnerabilities that lead to a violation of information security at a specific object of informatization.

Vulnerabilities are inherent to the object of informatization, are inseparable from it, and are determined by shortcomings in its functioning, the architectural properties of its automated systems, the exchange protocols and interfaces used by its software and hardware platform, and its operating conditions and location.

Sources of threats can use vulnerabilities to violate the security of information and obtain illegal benefits (causing damage to the owner, possessor or user of the information). In addition, non-malicious actions by threat sources that activate certain vulnerabilities and cause harm are also possible.

Each threat can be associated with different vulnerabilities. Elimination or significant mitigation of vulnerabilities affects the possibility of information security threats being realized.

Information security vulnerabilities can be:

Objective;

Subjective;

Random.

Objective vulnerabilities depend on the design features and technical characteristics of the equipment used at the protected object. Complete elimination of these vulnerabilities is impossible, but they can be significantly mitigated by technical and engineering methods of parrying threats to information security.

Subjective vulnerabilities depend on the actions of employees and are mainly eliminated by organizational and software and hardware methods.

Random vulnerabilities depend on the characteristics of the environment surrounding the protected object and on unforeseen circumstances. These factors are, as a rule, hard to predict, and their elimination is possible only by carrying out a set of organizational, engineering and technical measures to counter threats to information security.

The classification and list of information security vulnerabilities are given in Table 2.2.

Table 2.2 - Classification and list of information security vulnerabilities

Objective vulnerabilities
  Related to technical means of radiation:
    Electromagnetic:
      Spurious emissions from elements of technical equipment
      Cable lines of technical equipment
      Radiation at generator frequencies
      Radiation at self-excitation frequencies of amplifiers
    Electrical:
      Induction of electromagnetic radiation onto lines and conductors
      Leakage of signals into the power supply circuit and the ground circuit
      Uneven power supply current consumption
    Sound:
      Acoustic
      Vibroacoustic
  Activated:
    Hardware bookmarks (implants) installed:
      In telephone lines
      In the power supply
      Indoors
      In technical means
    Software bookmarks:
      Malware
      Technological (maintenance) exits from programs
      Illegal copies of software
  Determined by the characteristics of the elements:
    Elements with electroacoustic transformations:
      Telephone sets
      Loudspeakers and microphones
      Inductors
      Chokes
      Transformers, etc.
    Elements exposed to electromagnetic fields:
      Magnetic media
      Microcircuits
      Nonlinear elements subject to RF interference
  Determined by the characteristics of the protected object:
    Object location:
      No controlled area
      Direct line of sight to objects
      Remote and mobile object elements
      Vibrating reflective surfaces
    Organization of information exchange channels:
      Use of radio channels
      Global information networks
      Rented channels

Subjective vulnerabilities
  Errors (negligence):
    When preparing and using software:
      When developing algorithms and software
      When installing and loading software
      When using software
      When entering data (information)
      When setting up universal system services
      Self-learning (self-adjusting) complex systems
    When using technical equipment:
      When turning technical means on and off
      When using technical security means
  Incompetent actions:
    When configuring and managing a complex system
    When setting up software
    When organizing information flow management
    When setting up technical means
    When setting up standard software protection tools
  Unintentional actions:
    Damage (deletion) of software
    Damage (deletion) of data
    Damage (destruction) of storage media
    Damage to communication channels
  Violations:
    Of security and protection regimes:
      Access to the facility
      Access to technical means
      Confidentiality
    Of the operating mode of hardware and software:
      Energy supply
      Life support
      Installation of non-standard equipment
      Installation of non-standard software (games, educational, technological)
    Of the use of information:
      Processing and exchange of information
      Storage and destruction of storage media
      Destruction of production waste and defective items
  Psychogenic:
    Psychological:
      Antagonistic relationships (envy, bitterness, resentment)
      Dissatisfaction with one's situation
      Dissatisfaction with the actions of management (discipline, dismissal)
      Psychological incompatibility
    Mental:
      Mental deviations
      Stressful situations
    Physiological:
      Physical condition (fatigue, pain)
      Psychosomatic condition

Random vulnerabilities
  Failures and malfunctions:
    Failures and malfunctions of technical equipment for:
      Processing information
      Ensuring the functionality of information processing facilities
      Providing security and access control
    Aging and demagnetization of storage media:
      Floppy disks and removable media
      Hard drives
      Microcircuit elements
      Cables and connecting lines
    Software glitches:
      Operating systems and DBMS
      Application programs
      Service programs
      Antivirus programs
    Power failures:
      Information processing equipment
      Support and auxiliary equipment

All vulnerabilities have a varying degree of danger, denoted K_vuln, which can be quantified by ranking them.

In this case, the following can be chosen as comparison criteria:

Fatality (K4) - determines the degree of influence of the vulnerability on the unavoidability of the consequences of the threat;

Availability (K5) - determines the possibility of exploitation of the vulnerability by a threat source;

Quantity (K6) - determines the number of object elements that are characterized by the particular vulnerability.

The coefficient K_vuln for an individual vulnerability can be defined as the ratio of the product of the above indicators to its maximum value (125 = 5 × 5 × 5):

K_vuln = (K4 × K5 × K6) / 125
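The ranking scheme described for threat sources (K1, K2, K3) and for vulnerabilities (K4, K5, K6) carried through in code, as an added example that is not part of the original text: each indicator is an expert score from 1 to 5, the coefficient is the product divided by 125, and the lists are sorted from most to least dangerous. All source and vulnerability names and all scores below are constructed for illustration.

```python
"""Rank threat sources and vulnerabilities by their K coefficient.

Added example (not from the original text). Scores and names are constructed.
"""
from dataclasses import dataclass

MAX_SCORE = 5
MAX_PRODUCT = MAX_SCORE ** 3  # 125: maximum of the product of three 1..5 scores


def _check_score(label: str, value: int) -> int:
    """Reject anything outside the five-point expert scale."""
    if not isinstance(value, int) or not 1 <= value <= MAX_SCORE:
        raise ValueError(f"{label} must be an integer from 1 to {MAX_SCORE}, got {value!r}")
    return value


def k_coefficient(k_a: int, k_b: int, k_c: int) -> float:
    """K = (k_a * k_b * k_c) / 125, so the result lies in 1/125 .. 1."""
    product = (_check_score("first", k_a) * _check_score("second", k_b)
               * _check_score("third", k_c))
    return product / MAX_PRODUCT


@dataclass(frozen=True)
class ThreatSource:
    name: str
    k1: int  # source capability
    k2: int  # source readiness
    k3: int  # fatality of the consequences

    @property
    def k_threat(self) -> float:
        return k_coefficient(self.k1, self.k2, self.k3)


@dataclass(frozen=True)
class Vulnerability:
    name: str
    k4: int  # fatality
    k5: int  # availability to a threat source
    k6: int  # number of object elements affected

    @property
    def k_vuln(self) -> float:
        return k_coefficient(self.k4, self.k5, self.k6)


def rank(items, key):
    """Most dangerous first; equal coefficients keep their input order."""
    return sorted(items, key=key, reverse=True)


# Constructed sample ratings (illustrative only, not taken from the tables).
SOURCES = [
    ThreatSource("Potential criminals and hackers", k1=4, k2=4, k3=3),   # 48/125
    ThreatSource("Key personnel (users, programmers)", k1=5, k2=2, k3=5),  # 50/125
    ThreatSource("Utility networks (water supply)", k1=2, k2=2, k3=4),   # 16/125
    ThreatSource("Floods", k1=1, k2=1, k3=5),                             # 5/125
]
VULNS = [
    Vulnerability("Misconfigured standard software protection tools", 4, 5, 3),  # 60/125
    Vulnerability("Use of radio channels for information exchange", 3, 4, 2),    # 24/125
    Vulnerability("Power failures of information processing equipment", 3, 2, 5),  # 30/125
]

if __name__ == "__main__":
    for s in rank(SOURCES, key=lambda x: x.k_threat):
        print(f"{s.k_threat:.3f}  {s.name}")
    for v in rank(VULNS, key=lambda x: x.k_vuln):
        print(f"{v.k_vuln:.3f}  {v.name}")
```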

An information security intruder model is a set of assumptions about one or more possible violators of information security: their qualifications, their technical and material means, etc.

A properly constructed intruder model is the guarantee of an adequate information security system: it is on the basis of the constructed model that such a system can be built.

Most often, an informal model of the intruder is built, reflecting the reasons and motives for his actions, his capabilities, a priori knowledge, the goals pursued and their priority for the intruder, and the main ways of achieving those goals: the methods of implementing the threats emanating from him, the place and nature of the action, possible tactics, etc. To achieve his goals, the intruder must make certain efforts and expend certain resources.

Having identified the main reasons for violations, it becomes possible to influence them or, where necessary, to adjust the requirements for the system of protection against this type of threat. When analyzing security violations, it is necessary to pay attention to the subject (personality) of the violator. Eliminating the reasons or motives that prompted the violation can help avoid a recurrence of a similar incident in the future.

There may be more than one model; it is advisable to build several different models for the different types of violators of the protected object's information security.

To build the intruder model, one uses information received from security services and analytical groups, data on the existing means of accessing and processing information, the possible ways of intercepting data at the stages of its transmission, processing and storage, information about the situation in the team and at the protected site, information about competitors and the market situation, past cases of information security violations, etc.

In addition, the real operational and technical capabilities of an attacker to influence the protection system or the protected object are assessed. Technical capabilities mean the list of technical means that an offender may have at his disposal while committing actions directed against the information security system.

Violators can be internal or external.

Among internal violators, we can primarily highlight:

Direct users and operators of the information system, including managers at various levels;

Administrators of computer networks and of information security;

Application and system programmers;

Security officers;

Building and computer equipment maintenance personnel, from cleaner to service engineer;

Support staff and temporary workers.

Among the reasons that motivate employees to engage in unlawful actions are the following:

Irresponsibility;

User and administrator errors;

Demonstration of one's superiority (self-affirmation);

“Fighting the system”;

Selfish interests of system users;

Disadvantages of the information technologies used.

The group of external violators may include:

Clients;

Invited visitors;

Representatives of competing organizations;

Employees of departmental supervision and management bodies;

Access control violators;

Observers outside the protected area.

In addition, classification can be carried out according to the following parameters.

Methods and means used:

Collection of information and data;

Passive interception means;

Use of tools included in the information system or its protection system and their shortcomings;

Active influence: modification of existing information processing tools, connection of new tools, use of specialized utilities, introduction of software bookmarks and “back doors” into the system, connection to data transmission channels.

The offender’s level of knowledge regarding the organization of the information structure:

Typical knowledge of the methods of constructing computer systems and network protocols, and use of a standard set of programs;

High level of knowledge of network technologies, experience working with specialized software products and utilities;

High knowledge in programming, system design and operation of computer systems;

Possession of information about the means and mechanisms of protection of the attacked system;

The offender was a developer or took part in the implementation of an information security system.

Time of information impact:

At the time of information processing;

At the time of data transfer;

In the process of storing data (taking into account the operating and non-operating states of the system).

By location of impact:

Remotely using interception of information transmitted over data channels, or without its use;

Access to the protected area;

Direct physical contact with computer equipment, within which one can distinguish: access to workstations, access to enterprise servers, access to the administration, control and management systems of the information system, and access to the management programs of the information security system.

Table 2.3 shows examples of models of information security violators and their comparative characteristics.

Table 2.3 - Comparative characteristics of several intruder models

Computing power of technical means:
  Lone hacker: personal computer
  Hacker group: LAN, use of other people's computer networks
  Competitors: powerful computing networks
  Government agencies, special forces: unlimited computing power

Internet access, type of access channels:
  Lone hacker: modem or leased line
  Hacker group: use of someone else's high-bandwidth channels
  Competitors: own high-bandwidth channels
  Government agencies, special forces: independent control over Internet traffic routing

Financial opportunities:
  Lone hacker: severely limited
  Hacker group: limited
  Competitors: great opportunities
  Government agencies, special forces: virtually unlimited

Level of knowledge in the field of IT:
  Lone hacker: low
  Hacker group: high
  Competitors: high
  Government agencies, special forces: high, at the level of the developers

Technologies used:
  Lone hacker: ready-made programs, known vulnerabilities
  Hacker group: search for new vulnerabilities, production of malware
  Competitors: modern methods of penetrating information systems and influencing the data flows in them
  Government agencies, special forces: thorough knowledge of information technology, its possible vulnerabilities and shortcomings

Knowledge of how the facility's protection system is built:
  Lone hacker: insufficient knowledge of how the information system is built
  Hacker group: may make efforts to understand how the security system operates
  Competitors: may make efforts to understand the operating principles of the security system and introduce their representative into the security service
  Government agencies, special forces: during certification of the system, representatives of government agencies can receive fairly complete information about its construction

Pursued goals:
  Lone hacker: experiment
  Hacker group: introducing distortions into the operation of the system
  Competitors: blocking the functioning of the system, undermining the image, ruin
  Government agencies, special forces: unpredictable

Nature of action:
  Lone hacker: hidden
  Hacker group: hidden
  Competitors: hidden or openly demonstrative
  Government agencies, special forces: may not bother hiding their actions

Penetration depth:
  Lone hacker: most often stops after the first successful impact
  Hacker group: until the goal is achieved or a serious obstacle appears
  Competitors: until the bitter end
  Government agencies, special forces: nothing can stop them
