Thesis: Methods and means of protecting information in networks. Modern information security technologies

Despite the costly measures being taken, the operation of computer information systems has revealed weaknesses in the protection of information. The inevitable consequence is the ever-increasing cost and effort of protecting information. However, for the measures taken to be effective, it is necessary to determine what a threat to information security is, and to identify possible channels of information leakage and ways of unauthorized access to protected and others.

An information security threat is understood as an action or event that can lead to the destruction, distortion or unauthorized use of information resources, including stored, transmitted and processed information, as well as software and hardware.

Threats are usually divided into random, or unintentional, and deliberate. The source of the former can be software errors, hardware failures, incorrect actions of users or administration, etc. Deliberate threats, in contrast to random ones, pursue the goal of harming AIS users and, in turn, are divided into active and passive.

Passive threats, as a rule, are aimed at unauthorized use of information resources without affecting their functioning. A passive threat is, for example, an attempt to obtain information circulating in the channels by listening to them.

Active threats are aimed at disrupting the normal functioning process by purposefully influencing hardware, software and information resources. Active threats include, for example, the destruction or electronic suppression of communication lines, the disabling of a PC or its operating system, distortion of information in databases or system information in computer technologies, etc. Sources of active threats can be direct actions of intruders, software viruses, etc.



The main threats to information security include:

disclosure of confidential information;

compromising information;

unauthorized use of information resources;

erroneous use of information resources;

unauthorized exchange of information;

refusal of information;

denial of service.

The threat of disclosure of confidential information can be realized through unauthorized access to databases, listening to channels, etc. In any case, the receipt of information that is the property of a certain person (group of persons) by other persons causes significant damage to its owners.

Compromise of information, as a rule, is implemented by introducing unauthorized changes to the database, as a result of which its consumer is forced either to abandon it or to make additional efforts to identify the changes and restore the true information. In the case of using compromised information, the consumer is in danger of making wrong decisions with all the ensuing consequences.

Unauthorized use of information resources is, on the one hand, a means of disclosing or compromising information; on the other hand, it has independent significance, since even without touching user or system information it can cause certain damage to subscribers and administration. This damage can vary very widely - from a reduction in the flow of funds to a complete failure of the AIS.

Erroneous use of information resources, even when authorized, may nevertheless result in the destruction, disclosure or compromise of those resources. This threat is most often the result of errors in the AIS software.

Unauthorized exchange of information between subscribers can lead to one of them receiving information to which he is prohibited access, which in its consequences is tantamount to the destruction of the content of banking information.

Refusal of information consists in the non-recognition by the recipient or the sender of this information of the facts of its receipt or sending. In the context of banking activities, this, in particular, allows one of the parties to terminate the concluded financial agreements "technically", without formally abandoning them and thereby causing significant damage to the other party.

Denial of service is a very significant and widespread threat, the source of which is the AIS itself. Such a refusal is especially dangerous in situations where a delay in the provision of resources to the subscriber can lead to serious consequences for him. Thus, the lack of the data a user needs to make a decision, during the period when that decision can still be implemented effectively, may cause his irrational or even antitrust actions.

The most common ways of unauthorized access to information, formulated on the basis of an analysis of the foreign press, are:

interception of electronic emissions;

the use of eavesdropping devices (bookmarks);

remote photography;

interception of acoustic radiation and restoration of printer text;

theft of media and documentary waste;

reading residual information in the system memory after executing authorized requests;

copying information carriers with overcoming security measures;

disguise as a registered user;

hoax (disguise as system requests);

using software traps;

exploiting the shortcomings of programming languages and operating systems;

illegal connection to equipment and communication lines;

malicious disabling of protection mechanisms;

introduction and use of computer viruses.

The problem of computer viruses is currently of particular concern.

The problem of creating an information security system includes two mutually complementary tasks.

1. Development of an information security system (its synthesis).

2. Assessment of the developed information protection system. The second task is solved by analyzing its technical characteristics in order to establish whether the information protection system meets the set of requirements for such systems.

Such a task is currently being solved almost exclusively by expert means through the certification of information security tools and certification of the information security system in the process of its implementation.

Methods and means of information security are shown in the figure.

Figure: Methods and means of information security.

Let's consider the main content of the presented means and methods of information protection, which form the basis of protection mechanisms.

Obstacle - a method of physically blocking the attacker's path to the protected information (to equipment, information carriers, etc.).

Access control - a method of information protection by regulating the use of all resources of the banking computer information system (database elements, software and hardware). Access control includes the following security features:

Identification of users, personnel and system resources (assigning a personal identifier to each object);

Identification (authentication) of an object or subject by the identifier presented by him;

Authorization check (checking the compliance of the day of the week, time of day, requested resources and procedures with the established regulations);

Permission and creation of working conditions within the established regulations;

Registration (logging) of calls to protected resources;

Response (signaling, shutdown, delayed work, refusal to request) when attempting unauthorized actions.

Disguise - a method of protecting information by its cryptographic closure. This method of protection is widely used abroad, both during processing and storage of information, including on floppy disks. When transmitting information over long-distance communication channels, this method is the only reliable one.

Regulation - a method of information protection that creates conditions for the automated processing, storage and transmission of protected information in which the possibility of unauthorized access to it would be minimized.

Compulsion - a method of protection in which users and system personnel are forced to comply with the rules for the processing, transfer and use of protected information under the threat of material, administrative or criminal liability.

Motivation - a method of protection that encourages the user and personnel of the system not to violate the established order by complying with the established moral and ethical standards (both regulated and unwritten).

The considered methods of ensuring safety are implemented in practice through the use of various means of protection, such as technical, software, organizational, legislative and moral and ethical.

The main means of protection used to create a protection mechanism include the following:

technical means are implemented as electrical, electromechanical and electronic devices. The entire set of technical means is divided into hardware and physical. Hardware technical means are customarily understood as devices embedded directly into computing equipment or devices that interface with such equipment via a standard interface;

physical means are implemented as stand-alone devices and systems. For example, locks on the doors where the equipment is located, grilles on the windows, electronic and mechanical security alarm equipment;

software means are programs specifically designed to perform information security functions;

organizational means of protection are organizational, technical and organizational and legal measures carried out in the process of creating and operating computers and telecommunications equipment to ensure the protection of information. Organizational measures cover all structural elements of equipment at all stages of their life cycle (construction of premises, design of a computer information system for banking, installation and adjustment of equipment, testing, operation);

moral and ethical means of protection are implemented in the form of all sorts of norms that have developed traditionally or are taking shape with the spread of computing technology and communications in society. For the most part, these norms are not mandatory in the way legislative measures are; however, non-compliance with them usually leads to a loss of a person's authority and prestige. The most prominent example of such norms is the US Computer User Associations' Code of Professional Conduct;

legislative means of protection are determined by the legislative acts of the country, which regulate the rules for the use, processing and transmission of restricted information and establish measures of responsibility for violation of these rules.

All the means of protection considered are divided into formal (performing protective functions strictly according to a predetermined procedure without direct human participation) and informal (determined by purposeful human activity or regulating this activity).

To implement security measures, various encryption mechanisms (cryptography) are used. Cryptography is the science of ensuring the secrecy and/or authenticity of transmitted messages.

Computer security issues. Computer viruses.

In computing, the concept of security is very broad. It implies both the reliability of the computer, and the safety of valuable data, and the protection of information from changes to it by unauthorized persons, and the preservation of the secrecy of correspondence in electronic communications. Of course, in all civilized countries, laws are guarding the safety of citizens, but in the field of computer technology, law enforcement practice is not yet developed enough, and the lawmaking process does not keep pace with the development of technology, therefore, the reliability of computer systems is largely based on self-defense measures.

A computer virus is program code embedded in another program, in a document, or in certain areas of a storage medium, designed to perform unauthorized actions on the host computer. The main types of computer viruses are:

software viruses;

boot viruses;

macro viruses.

Computer viruses are also associated with the so-called Trojan horses (Trojans).

Software viruses. Software viruses are blocks of program code that are purposefully injected into other application programs. When a program carrying a virus is launched, the virus code implanted into it is launched. The operation of this code causes changes, hidden from the user, in the file system of hard drives and/or in the content of other programs. So, for example, viral code can reproduce itself in the body of other programs - this process is called reproduction. After a certain time, having created a sufficient number of copies, the software virus can proceed to destructive actions - disrupting the operation of programs and the operating system, deleting information stored on the hard disk. This process is called a viral attack.

The most damaging viruses can initiate formatting of hard drives. Since disk formatting is a rather lengthy process that should not go unnoticed by the user, in many cases software viruses are limited to destroying data only in the system sectors of the hard disk, which is equivalent to the loss of file structure tables. In this case, the data on the hard disk remains intact, but it is impossible to use it without the use of special tools, since it is not known which sectors of the disk belong to which files. It is theoretically possible to restore data in this case, but the complexity of these works is extremely high.

It is believed that no virus can damage the computer's hardware. However, there are times when hardware and software are so intertwined that software damage must be repaired by replacing the hardware. For example, in most modern motherboards, the basic input/output system (BIOS) is stored in rewritable read-only memory (the so-called flash memory). The ability to overwrite information in the flash memory chip is used by some software viruses to destroy BIOS data. In this case, to restore the health of the computer, either the replacement of the microcircuit that stores the BIOS is required, or reprogramming it on special devices called programmers.

Software viruses enter the computer when you run unverified programs received on an external medium (floppy disk, CD, etc.) or received from the Internet. Note the words "when you run": during normal copying of infected files, computer infection cannot occur. In this regard, all data received from the Internet must undergo a mandatory security check, and if unsolicited data is received from an unknown source, it should be destroyed without being examined. A common technique for distributing Trojans is an attachment to an email with a “recommendation” to extract and run a supposedly useful program.

Boot viruses. Boot viruses differ from software viruses in their propagation method. They infect not program files, but rather certain system areas of magnetic media (floppy and hard disks). In addition, on a computer that is turned on, they may be temporarily located in RAM.

Usually, infection occurs when an attempt is made to boot a computer from a magnetic medium, the system area of which contains a boot virus. For example, when trying to boot a computer from a floppy disk, the virus first penetrates into the RAM, and then into the boot sector of hard disks. Further, this computer itself becomes the source of the distribution of the boot virus.

Macro viruses. This special type of virus infects documents created in some application programs that have the means to execute so-called macros. In particular, these documents include Microsoft Word documents (they have the DOC extension). Infection occurs when a document file is opened in the program window, unless the ability to execute macros is disabled in it. As with other types of viruses, the result of an attack can be both relatively harmless and destructive.

Methods for protecting against computer viruses. There are three lines of defense against computer viruses:

preventing the entry of viruses;

prevention of a virus attack, if the virus nevertheless entered the computer;

prevention of destructive consequences if an attack did occur.

There are three methods for implementing protection:

software protection methods;

hardware protection methods;

organizational methods of protection.

In the matter of protecting valuable data, a common approach is often used: “it is better to prevent disease than to cure”. Unfortunately, it is this approach that causes the most destructive consequences. Having created bastions in the path of viruses penetrating a computer, you cannot rely on their strength and remain unprepared for action after a destructive attack. In addition, a virus attack is far from the only or even the most common reason for the loss of important data. There are software glitches that can disable the operating system, as well as hardware glitches that can render the hard drive unusable. There is always the possibility of losing your computer along with valuable data as a result of theft, fire or other natural disaster.

Therefore, a security system should be created first of all "from the end" - to prevent the destructive consequences of any impact, be it a virus attack, theft in a room, or a physical failure of a hard disk. Reliable and secure work with data is achieved only when any unexpected event, including the complete physical destruction of the computer, does not lead to catastrophic consequences.

Anti-virus protection tools

The main means of protecting information is backing up the most valuable data. In case of loss of information for any of the above reasons, hard drives are reformatted and prepared for new use. An operating system is installed on a "blank" formatted disk from a distribution CD, then under its control all the necessary software is installed, which is also taken from the distribution media. Computer recovery is completed by restoring data taken from the backup media.

When backing up data, you should also keep in mind that you must separately save all registration and password data for accessing Internet network services. They should not be stored on a computer. The usual storage place is a service diary in the unit manager's safe.

When creating an action plan for backing up information, it must be borne in mind that backups must be stored separately from the computer. That is, for example, backing up information on a separate hard disk of the same computer only creates the illusion of security. A relatively new and fairly reliable method for storing valuable, but non-confidential data is storing it in Web folders on remote servers on the Internet. There are services that provide free space (up to several MB) for storing user data.

Backups of confidential data are stored on external media, which are stored in safes, preferably in separate rooms. When developing an organizational backup plan, consider the need to create at least two backups stored in different locations. The copies are rotated. For example, within a week, data is copied daily to the media of backup set A, and after a week they are replaced with set B, etc.

Antivirus programs and hardware protection tools are auxiliary information protection tools. So, for example, simply disconnecting the jumper on the motherboard will not allow erasing the reprogrammable ROM chip (flash BIOS), no matter who tries to do it: a computer virus, an intruder, or a careless user.

There are many anti-virus software tools. They provide the following capabilities.

1. Creating a hard disk image on external media (such as floppy disks). In case of data failure in the system areas of the hard disk, the saved "disk image" can allow recovering, if not all data, then at least most of it. The same tool can protect against data loss in case of hardware failures and inaccurate hard disk formatting.

2. Regular scanning of hard drives in search of computer viruses. Scanning is usually performed automatically every time you turn on your computer and when you place an external drive in the reader. When scanning, keep in mind that the anti-virus program looks for a virus by comparing the program code with the codes of known viruses stored in the database. If the database is out of date and the virus is new, the scan program will not detect it. For reliable operation, you should regularly update your antivirus software. Desirable update frequency - once every two weeks; permissible - once every three months. As an example, let us point out that the devastating consequences of the attack of the W95.CIH.1075 ("Chernobyl") virus, which caused the destruction of information on hundreds of thousands of computers on April 26, 1999, were associated not with a lack of protection against it, but with a long delay (more than a year) in updating these tools.

3. Control over changes in file sizes and other attributes. Since some computer viruses change the parameters of infected files at the stage of propagation, the monitoring program can detect their activity and warn the user.
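A minimal monitor of the kind described in item 3, as an added example that is not part of the original text: it records size, modification time and a SHA-256 digest for each file, then reports what changed. The function names and the constructed sample files are assumptions; the demo includes a same-size overwrite with the timestamp restored, which only the digest reveals.

```python
import hashlib
import os
import tempfile
from pathlib import Path

ATTRIBUTES = ("size", "mtime_ns", "sha256")


def snapshot(root):
    """Record size, modification time and SHA-256 for every regular file under root."""
    root = Path(root)
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            st = path.stat()
            state[path.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            }
    return state


def compare(baseline, current):
    """Return added and removed files, and for each changed file the attributes that differ."""
    report = {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": {},
    }
    for name in sorted(baseline.keys() & current.keys()):
        diffs = [a for a in ATTRIBUTES if baseline[name][a] != current[name][a]]
        if diffs:
            report["changed"][name] = diffs
    return report


def demo():
    """Constructed scenario: three kinds of change against a saved baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tool.bin").write_bytes(b"A" * 64)          # constructed sample file
        (root / "report.txt").write_bytes(b"quarterly figures\n")
        baseline = snapshot(root)

        # 1. Content appended: the file size changes.
        with open(root / "report.txt", "ab") as fh:
            fh.write(b"appended\n")

        # 2. Same-size overwrite with the timestamp restored:
        #    size and mtime match the baseline, only the digest differs.
        target = root / "tool.bin"
        st = target.stat()
        target.write_bytes(b"B" * 64)
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))

        # 3. A file that was not in the baseline.
        (root / "dropped.tmp").write_bytes(b"x")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where the monitored system cannot rewrite it, for the same reason the text requires backups to be kept separately from the computer.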

The purpose of protecting information is to prevent damage to the user, owner or proprietor. The object of protection can be information, its carrier or an information process that must be protected in accordance with the set goals.

To solve the problem of information protection, the main means used to create protection mechanisms are considered to be:

1. Technical means - implemented in the form of electrical, electromechanical, electronic devices. The whole set of technical means is usually divided into:

hardware - devices built directly into the hardware, or devices that interface with the hardware via a standard interface (parity information control schemes, memory field protection schemes by key, special registers);

physical - implemented in the form of autonomous devices and systems (electronic and mechanical equipment for security alarm and surveillance, locks on doors, bars on windows).

2. Software - programs specially designed to perform functions related to information security.

In the course of the development of the concept of information protection, experts came to the conclusion that the use of any one of the above methods of protection does not ensure reliable storage of information. An integrated approach to the use and development of all means and methods of information protection is needed.

As a result, the following information protection methods were created:

Obstacle - physically blocks the attacker's path to the protected information (to the territory and premises with equipment, storage media).

Access control - a way to protect information by regulating the use of all system resources (hardware, software, data elements).

Access control includes the following security features:

identification of users, personnel and resources of the system, moreover, identification means assignment to each of the above-mentioned objects of a personal name, code, password and identification of the subject or object by the identifier presented to them;

verification of powers, which consists in checking the compliance of the day of the week, time of day, as well as the requested resources and procedures with the established regulations;

permission and creation of working conditions within the established regulations;

registration of calls to protected resources;

response (delay in work, failure, shutdown, alarm) when attempting unauthorized actions.
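The access-control functions listed here and in the earlier list of the same features (identification, authentication, authorization check against day-of-week and time-of-day regulations, logging, response) fit together as in the following sketch. It is an added example, not part of the original text; the class, rule format, outcome codes and sample account are hypothetical.

```python
import datetime as dt
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Store a salted PBKDF2 verifier, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass(frozen=True)
class Rule:
    """One entry of the 'established regulations' (hypothetical format)."""
    resource: str
    procedure: str
    weekdays: frozenset   # 0 = Monday ... 6 = Sunday
    start: dt.time
    end: dt.time

    def permits(self, resource, procedure, when):
        return (resource == self.resource
                and procedure == self.procedure
                and when.weekday() in self.weekdays
                and self.start <= when.time() < self.end)


@dataclass
class AccessController:
    max_failures: int = 3
    users: dict = field(default_factory=dict)      # identifier -> (salt, verifier)
    rules: dict = field(default_factory=dict)      # identifier -> [Rule, ...]
    failures: dict = field(default_factory=dict)   # identifier -> consecutive failures
    locked: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)

    def register(self, user_id, password, rules):
        # Identification: each subject gets a personal identifier.
        salt = os.urandom(16)
        self.users[user_id] = (salt, derive_verifier(password, salt))
        self.rules[user_id] = list(rules)

    def _record(self, when, user_id, resource, procedure, outcome):
        # Registration (logging): every call is recorded, allowed or not.
        self.audit_log.append((when.isoformat(), user_id, resource, procedure, outcome))
        return outcome

    def request(self, user_id, password, resource, procedure, when):
        args = (when, user_id, resource, procedure)
        # Response: a locked identifier is refused before any other check.
        if user_id in self.locked:
            return self._record(*args, "DENY_LOCKED")
        # Authentication of the subject by the identifier it presents.
        salt, verifier = self.users.get(user_id, (b"\x00" * 16, b""))
        if not hmac.compare_digest(derive_verifier(password, salt), verifier):
            self.failures[user_id] = self.failures.get(user_id, 0) + 1
            if self.failures[user_id] >= self.max_failures:
                self.locked.add(user_id)
            return self._record(*args, "DENY_AUTH")
        self.failures[user_id] = 0
        # Authorization check: weekday, time of day, resource and procedure.
        if any(r.permits(resource, procedure, when) for r in self.rules[user_id]):
            return self._record(*args, "ALLOW")
        return self._record(*args, "DENY_RULE")


def demo():
    """Constructed scenario: one account allowed to read one resource in office hours."""
    ac = AccessController()
    office = Rule("ledger_db", "read", frozenset(range(5)), dt.time(9), dt.time(18))
    ac.register("teller01", "correct horse", [office])
    monday = dt.datetime(2024, 1, 8, 12, 0)   # a Monday
    sunday = dt.datetime(2024, 1, 7, 12, 0)   # a Sunday
    results = [
        ac.request("teller01", "correct horse", "ledger_db", "read", monday),
        ac.request("teller01", "correct horse", "ledger_db", "write", monday),
        ac.request("teller01", "correct horse", "ledger_db", "read", sunday),
    ]
    results += [ac.request("teller01", "wrong", "ledger_db", "read", monday)
                for _ in range(3)]
    results.append(ac.request("teller01", "correct horse", "ledger_db", "read", monday))
    return results, ac.audit_log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```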

Disguise - a way to protect information by its cryptographic encryption. When transmitting information over long-distance communication lines, cryptographic closure is the only way to reliably protect it.

Regulation - consists in the development and implementation, in the process of functioning, of complexes of measures that create conditions for the automated processing and storage of protected information in which the possibility of unauthorized access to it would be reduced to a minimum. For effective protection, it is necessary to strictly regulate the structural design (architecture of buildings, equipment of premises, placement of equipment), organization and support of the work of all personnel involved in information processing.

Compulsion - users and personnel are forced to comply with the rules for the processing and use of protected information under the threat of material, administrative or criminal liability.

The considered methods of information protection are implemented using various means of protection, which are divided into technical, software, organizational, legislative and moral and ethical means.

Organizational means of protection are organizational and legal measures carried out in the process of creation and operation to ensure the protection of information.

Legislative means of protection include the legislative acts of the country, which regulate the rules for the use and processing of information with limited access and establish measures of responsibility for violation of these rules.

Moral and ethical means of protection include all sorts of norms that have developed traditionally or are taking shape with the spread of computing facilities in a given country or society. For the most part, these norms are not mandatory in the way legislative measures are, but non-compliance with them usually leads to a loss of authority and prestige of a person or group of persons.

All the means of protection considered are divided into:

Formal - performing protective functions strictly according to a predetermined procedure and without direct human participation.

Informal - such means that are either determined by the purposeful activities of people, or regulate this activity.

One of the most powerful tools to ensure confidentiality and control the integrity of information is cryptography. In many respects, it is central to software and hardware safety regulators, being the basis for the implementation of many of them and, at the same time, the last line of defense.

There are two main encryption methods, called symmetric and asymmetric. In the first one, the same key is used for both encryption and decryption of messages. There are very effective symmetric encryption methods. There is also a standard for such methods - GOST 28147-89 "Information processing systems. Cryptographic protection. Cryptographic transformation algorithm".

The main disadvantage of symmetric encryption is that the secret key must be known to both the sender and the receiver. On the one hand, this poses a new problem with key distribution. On the other hand, a recipient who has an encrypted and decrypted message cannot prove that he received it from a specific sender, since he could have generated the same message himself.

Asymmetric methods use two keys. One of them, unclassified, is used for encryption and can be published along with the user's address; the other is secret, used for decryption and is known only to the recipient. The most popular of the asymmetric methods is the RSA method (Rivest, Shamir, Adleman), based on operations with large (100-digit) primes and their products.

Asymmetric encryption methods allow implementing the so-called electronic signature, or electronic certification of a message. The idea is that the sender sends two copies of the message - an open one and one decrypted with his secret key (naturally, decrypting an unencrypted message is actually a form of encryption). The recipient can encrypt the decrypted copy with the sender's public key and compare it with the public one. If they match, the identity and signature of the sender can be considered established.

A significant disadvantage of asymmetric methods is their low speed, so they have to be combined with symmetric ones, while it should be borne in mind that asymmetric methods are 3 - 4 orders of magnitude slower than symmetric ones. So, to solve the key distribution problem, the message is first symmetrically encrypted with a random key, then this key is encrypted with the recipient's open asymmetric key, after which the message and the key are sent over the network.

When using asymmetric methods, it is necessary to have a guarantee of the authenticity of the (name, public key) pair of the recipient. To solve this problem, the concept of a certification center is introduced, which certifies the directory of names / keys with its signature.

Services typical of asymmetric encryption can also be implemented using symmetric methods if there is a reliable third party who knows the secret keys of their clients.

Cryptographic methods allow you to reliably control the integrity of information. Unlike traditional checksum methods, which can only resist random errors, the cryptographic checksum (message authentication code), calculated using the secret key, virtually eliminates any possibility of undetected data changes.
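The difference between an ordinary checksum and a keyed one, and the earlier remark that a recipient holding the symmetric key cannot prove who produced a message, can both be seen in a few lines. This is an added example, not part of the original text: HMAC-SHA-256 from the Python standard library stands in for the keyed checksum (the GOST algorithm is not implemented here), and the function names and sample messages are constructed.

```python
import hashlib
import hmac
import secrets
import zlib

TAG_LEN = 32  # HMAC-SHA-256 output size in bytes


def crc_protect(message: bytes) -> bytes:
    """Append an ordinary CRC-32 checksum: no secret is involved."""
    return message + zlib.crc32(message).to_bytes(4, "big")


def crc_verify(packet: bytes) -> bool:
    message, checksum = packet[:-4], packet[-4:]
    return zlib.crc32(message).to_bytes(4, "big") == checksum


def mac_protect(key: bytes, message: bytes) -> bytes:
    """Append a cryptographic checksum computed with the shared secret key."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, packet: bytes) -> bool:
    if len(packet) < TAG_LEN:
        return False
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo():
    key = secrets.token_bytes(32)            # known to sender and receiver only
    original = b"PAY 100.00 TO ACCT 12345"   # constructed sample message
    altered = b"PAY 900.00 TO ACCT 12345"

    # Plain checksum: whoever alters the body can recompute the checksum too,
    # so the altered packet still verifies.
    crc_packet = crc_protect(altered)

    # Keyed checksum: without the key the best a third party can do is reuse
    # the old tag, which no longer matches the altered body.
    mac_packet = mac_protect(key, original)
    reused_tag_packet = altered + mac_packet[-TAG_LEN:]

    # The receiver holds the same key and can produce a valid tag for any
    # text, which is why a symmetric tag does not prove who the sender was.
    receiver_made = mac_protect(key, altered)

    return {
        "crc_accepts_altered": crc_verify(crc_packet),
        "mac_accepts_original": mac_verify(key, mac_packet),
        "mac_accepts_altered": mac_verify(key, reused_tag_packet),
        "receiver_can_fabricate": mac_verify(key, receiver_made),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```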

Recently, a variety of symmetric encryption has become widespread, based on the use of composite keys. The idea is that the secret key is split into two parts, stored separately. Each part alone does not allow decryption. If law enforcement agencies have suspicions about the person using a certain key, they can obtain the halves of the key and then proceed in the usual way for symmetric decryption.

Methods and methods of information protection

Despite the costly methods being undertaken, the functioning of computer information systems revealed weaknesses in the protection of information. The inevitable consequence is the ever-increasing cost and effort to protect information. However, in order for the measures taken to be effective, it is necessary to determine what a threat to information security is, to identify possible channels of information leakage and ways of unauthorized access to protected and others.

Under information security threatunderstood an action or event that can lead to the destruction, distortion or unauthorized use of information resources, including stored, transmitted and processed information, as well as software and hardware.

Threats are usually divided into random,or unintentional,and deliberate.The source of the former can be software errors, hardware failures, incorrect actions of users or administration, etc. Intentional threats, in contrast to accidental ones, pursue the goal of harming AIS users and, in turn, are divided into active and passive.

Passive threatsas a rule, they are aimed at unauthorized use of information resources without influencing its functioning. A passive threat is, for example, an attempt to obtain information circulating in the channels by listening to them.

Active threatsare aimed at disrupting the normal functioning process by purposefully influencing hardware, software and information resources. Active threats include, for example, the destruction or electronic suppression of communication lines, the disabling of a PC or its operating system, distortion of information in databases or system information in computer technologies, etc. Sources of active threats can be direct actions of intruders, software viruses, etc.

The main threats to information security include:

disclosure of confidential information;

compromising information;

unauthorized use of information resources;

erroneous use of information resources;

unauthorized exchange of information;

refusal of information;

denial of service.

The threat of disclosure of confidential information can be realized through unauthorized access to databases, listening to channels, etc. In any case, the receipt of information that is the property of a certain person (group of persons) by other persons causes significant damage to its owners.

Compromise of information is, as a rule, implemented by introducing unauthorized changes to the database, as a result of which its consumer is forced either to abandon it or to make additional efforts to identify the changes and restore the true information. If compromised information is used, the consumer is in danger of making wrong decisions with all the ensuing consequences.

Unauthorized use of information resources is, on the one hand, a means of disclosing or compromising information, and on the other hand it has an independent meaning, since, even without touching user or system information, it can cause certain damage to subscribers and administration. This damage can vary within very wide limits - from a reduction in the flow of funds to a complete failure of the AIS.

Erroneous use of information resources, although authorized, may nevertheless result in the destruction, disclosure or compromise of those resources. This threat is most often the result of errors in the AIS software.

Unauthorized exchange of information between subscribers can lead to one of them receiving information to which he is prohibited access, which in its consequences is tantamount to the destruction of the content of banking information.

Refusal of information consists in the recipient or the sender of the information not acknowledging the fact of its receipt or sending. In the context of banking activities, this, in particular, allows one of the parties to terminate concluded financial agreements "technically", without formally abandoning them, thereby causing significant damage to the other party.

Denial of service is a very significant and widespread threat, the source of which is the AIS itself. Such a denial is especially dangerous in situations where a delay in providing resources to the subscriber can lead to serious consequences for him. Thus, the lack of the data a user needs to make a decision, during the period when the decision can still be effectively implemented, may cause his irrational or even antitrust actions.

The most common ways of unauthorized access to information, formulated on the basis of an analysis of the foreign press, are:

interception of electronic emissions;

the use of eavesdropping devices (bookmarks);

remote photography;

interception of acoustic emissions and reconstruction of printer text;

theft of media and documentary waste;

reading residual information in the system memory after executing authorized requests;

copying information carriers with overcoming security measures;

disguise as a registered user;

hoax (disguise as system requests);

using software traps;

exploiting the shortcomings of programming languages and operating systems;

illegal connection to equipment and communication lines;

malicious disabling of protection mechanisms;

introduction and use of computer viruses.

The problem of computer viruses is currently of particular concern.

The problem of creating an information security system includes two mutually complementary tasks.

1. Development of an information security system (its synthesis).

2. Assessment of the developed information protection system. The second task is solved by analyzing its technical characteristics in order to establish whether the information protection system meets the set of requirements for such systems.

Such a task is currently being solved almost exclusively by expert means through the certification of information security tools and certification of the information security system in the process of its implementation.



Methods and means of information security are shown in the figure.

Figure: Methods and means of information security.

Let's consider the main content of the presented means and methods of information protection, which form the basis of protection mechanisms.

Obstacle - a method of physically blocking the attacker's path to the protected information (to equipment, information carriers, etc.).

Access control - a method of information protection by regulating the use of all resources of the banking computer information system (database elements, software and hardware). Access control includes the following security features:

Identification of users, personnel and system resources (assigning a personal identifier to each object);

Identification (authentication) of an object or subject by the identifier presented by him;

Authorization check (checking the compliance of the day of the week, time of day, requested resources and procedures with the established regulations);

Permission and creation of working conditions within the established regulations;

Registration (logging) of calls to protected resources;

Response (signaling, shutdown, delayed work, refusal to request) when attempting unauthorized actions.

Disguise - a method of protecting information by its cryptographic closure. This method of protection is widely used abroad, both during processing and storage of information, including on floppy disks. When transmitting information over long-distance communication channels, this method is the only reliable one.

Regulation - a method of information protection that creates conditions for the automated processing, storage and transmission of protected information, in which the possibility of unauthorized access to it would be minimized.

Compulsion - a method of protection in which users and system personnel are forced to comply with the rules for the processing, transfer and use of protected information under the threat of material, administrative or criminal liability.

Motivation - a method of protection that encourages the user and personnel of the system not to destroy the established order by complying with the established moral and ethical standards (both regulated and unwritten).

The considered methods of ensuring safety are implemented in practice through the use of various means of protection, such as technical, software, organizational, legislative and moral and ethical.

The main means of protection used to create a protection mechanism include the following:

technical means are implemented as electrical, electromechanical and electronic devices. The entire set of technical means is divided into hardware and physical. Hardware technical means are customarily understood as devices embedded directly into computing equipment or devices that interface with such equipment via a standard interface;

physical means are implemented as stand-alone devices and systems. For example, locks on the doors of rooms where the equipment is located, grilles on the windows, electronic and mechanical security alarm equipment;

software means are programs specifically designed to perform information security functions;

organizational means of protection are organizational-technical and organizational-legal measures carried out in the process of creating and operating computers and telecommunications equipment to ensure the protection of information. Organizational measures cover all structural elements of equipment at all stages of their life cycle (construction of premises, design of a computer information system for banking, installation and adjustment of equipment, testing, operation);

moral and ethical means of protection are implemented in the form of all sorts of norms that have developed traditionally or are taking shape as computing technology and communications spread in society. For the most part, these norms are not mandatory in the way legislative measures are; however, non-compliance with them usually leads to a loss of a person's authority and prestige. The most prominent example of such norms is the US Computer User Associations' Code of Professional Conduct;

legislative means of protection are determined by the legislative acts of the country, which regulate the rules for the use, processing and transmission of restricted information and establish measures of responsibility for violation of these rules.

All the means of protection considered are divided into formal (performing protective functions strictly according to a predetermined procedure without direct human participation) and informal (determined by purposeful human activity or regulating this activity).

To implement security measures, various encryption mechanisms (cryptography) are used. Cryptography is the science of ensuring the secrecy and/or authenticity of transmitted messages.

Computer security issues. Computer viruses.

In computing, the concept of security is very broad. It implies both the reliability of the computer, and the safety of valuable data, and the protection of information from changes to it by unauthorized persons, and the preservation of the secrecy of correspondence in electronic communications. Of course, in all civilized countries, laws are guarding the safety of citizens, but in the field of computer technology, law enforcement practice is not yet developed enough, and the lawmaking process does not keep pace with the development of technology, therefore, the reliability of computer systems is largely based on self-defense measures.

A computer virus is program code embedded in another program, in a document, or in certain areas of a storage medium, designed to perform unauthorized actions on the host computer. The main types of computer viruses are:

software viruses;

boot viruses;

macro viruses.

Computer viruses are also associated with the so-called Trojan horses (Trojans).

Software viruses. Software viruses are blocks of program code that are purposefully injected into other application programs. When a program carrying a virus is launched, the virus code implanted in it is launched as well. The operation of this code causes changes, hidden from the user, in the file system of hard drives and/or in the content of other programs. For example, viral code can reproduce itself in the body of other programs - this process is called reproduction. After a certain time, having created a sufficient number of copies, the software virus can proceed to destructive actions - disrupting the operation of programs and the operating system, deleting information stored on the hard disk. This process is called a viral attack.

The most damaging viruses can initiate formatting of hard drives. Since disk formatting is a rather lengthy process that should not go unnoticed by the user, in many cases software viruses are limited to destroying data only in the system sectors of the hard disk, which is equivalent to the loss of file structure tables. In this case, the data on the hard disk remains intact, but it is impossible to use it without the use of special tools, since it is not known which sectors of the disk belong to which files. It is theoretically possible to restore data in this case, but the complexity of these works is extremely high.

It is believed that no virus can damage the computer's hardware. However, there are cases when hardware and software are so intertwined that software damage has to be repaired by replacing hardware. For example, in most modern motherboards, the basic input/output system (BIOS) is stored in rewritable read-only memory (so-called flash memory). The ability to overwrite information in the flash memory chip is used by some software viruses to destroy BIOS data. In this case, to restore the computer to working order, either the chip that stores the BIOS must be replaced, or it must be reprogrammed on special devices called programmers.

Software viruses enter the computer when you run unverified programs received on external media (floppy disk, CD, etc.) or from the Internet. Pay special attention to the words "when you run": during normal copying of infected files, the computer cannot become infected. In this regard, all data received from the Internet must undergo a mandatory security check, and if unsolicited data is received from an unknown source, it should be destroyed without being examined. A common technique for distributing Trojans is an e-mail attachment accompanied by a “recommendation” to extract and run a supposedly useful program.

Boot viruses. Boot viruses differ from software viruses in their propagation method. They infect not program files but certain system areas of magnetic media (floppy and hard disks). In addition, on a computer that is turned on, they may be temporarily located in RAM.

Usually, infection occurs when an attempt is made to boot a computer from a magnetic medium whose system area contains a boot virus. For example, when trying to boot a computer from a floppy disk, the virus first penetrates into the RAM, and then into the boot sector of hard disks. After that, this computer itself becomes a source of distribution of the boot virus.

Macro viruses. This special type of virus infects documents created in certain application programs that have the means to execute so-called macros. In particular, these documents include Microsoft Word documents (they have the DOC extension). Infection occurs when a document file is opened in the program window, unless the ability to execute macros is disabled in it. As with other types of viruses, the result of an attack can be both relatively harmless and destructive.

Methods for protecting against computer viruses. There are three lines of defense against computer viruses:

preventing the entry of viruses;

prevention of a virus attack, if the virus nevertheless entered the computer;

prevention of destructive consequences if an attack did occur.

There are three methods for implementing protection:

software protection methods;

hardware protection methods;

organizational methods of protection.

In the matter of protecting valuable data, a common approach is often used: “it is better to prevent disease than to cure”. Unfortunately, it is precisely this approach that causes the most destructive consequences. Having built bastions in the path of viruses penetrating a computer, you cannot rely on their strength and remain unprepared for action after a destructive attack. In addition, a virus attack is far from the only or even the most common reason for the loss of important data. There are software glitches that can disable the operating system, as well as hardware glitches that can render the hard drive unusable. There is always the possibility of losing your computer along with valuable data as a result of theft, fire or other natural disaster.

Therefore, a security system should be created first of all "from the end" - to prevent the destructive consequences of any impact, be it a virus attack, theft in a room, or a physical failure of a hard disk. Reliable and secure work with data is achieved only when any unexpected event, including the complete physical destruction of the computer, does not lead to catastrophic consequences.

Anti-virus protection tools

The main means of protecting information is backing up the most valuable data. In case of loss of information for any of the above reasons, hard drives are reformatted and prepared for new use. An operating system is installed on a "blank" formatted disk from a distribution CD, then under its control all the necessary software is installed, which is also taken from the distribution media. Computer recovery is completed by restoring data taken from the backup media.

When backing up data, you should also keep in mind that you must separately save all registration and password data for accessing Internet network services. They should not be stored on a computer. The usual storage place is a service diary in the unit manager's safe.

When creating an action plan for backing up information, it must be borne in mind that backups must be stored separately from the computer. For example, backing up information onto a separate hard disk of the same computer only creates the illusion of security. A relatively new and fairly reliable method for storing valuable, but non-confidential data is storing it in Web folders on remote servers on the Internet. There are services that provide free space (up to several MB) for storing user data.

Backups of confidential data are stored on external media, which are stored in safes, preferably in separate rooms. When developing an organizational backup plan, consider the need to create at least two backups stored in different locations. The copies are rotated. For example, during one week data is copied daily to the media of backup set A, and after a week they are replaced with set B, etc.

Antivirus programs and hardware protection tools are auxiliary information protection tools. For example, simply disconnecting a jumper on the motherboard will prevent erasure of the reprogrammable ROM chip (flash BIOS), no matter who tries to do it: a computer virus, an intruder, or a careless user.

There are many anti-virus protection programs. They provide the following capabilities.

1. Creating a hard disk image on external media (such as floppy disks). If data in the system areas of the hard disk fails, the saved "disk image" can allow recovery of, if not all the data, then at least most of it. The same tool can protect against data loss in case of hardware failures and careless hard disk formatting.

2. Regular scanning of hard drives in search of computer viruses. Scanning is usually performed automatically every time you turn on your computer and when you place an external drive in the reader. When scanning, keep in mind that the anti-virus program looks for a virus by comparing the program code with the codes of known viruses stored in the database. If the database is out of date and the virus is new, the scan program will not detect it. For reliable operation, you should regularly update your antivirus software. Desirable update frequency - once every two weeks; permissible - once every three months. As an example, let us point out that the devastating consequences of the attack of the W95.CIH.1075 ("Chernobyl") virus, which caused the destruction of information on hundreds of thousands of computers on April 26, 1999, were associated not with a lack of protection against it, but with a long delay (more than a year) in updating these tools.

3. Control over changes in file sizes and other attributes. Since some computer viruses change the parameters of infected files at the stage of propagation, the monitoring program can detect their activity and warn the user.
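The dependence of scanning (item 2 above) on an up-to-date database can be shown with a minimal signature scanner. This is an added example, not code from the original text or from any anti-virus product; the signature names, byte patterns, file contents and the 90-day reading of "three months" are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes   # byte sequence characteristic of the known sample
    release: int     # database release in which the signature first shipped


# Constructed signature set: names and patterns are harmless placeholders.
ALL_SIGNATURES = (
    Signature("Constructed.Sample.A", b"SAMPLE-A-MARKER", release=1),
    Signature("Constructed.Sample.B", b"SAMPLE-B-MARKER", release=2),
)


def database(release):
    """Signatures available to a scanner last updated at the given release."""
    return [s for s in ALL_SIGNATURES if s.release <= release]


def scan(data, db):
    """Return (signature name, offset) for every known pattern found in data."""
    hits = []
    for sig in db:
        offset = data.find(sig.pattern)
        if offset != -1:
            hits.append((sig.name, offset))
    return hits


def update_status(last_update, today):
    """Classify database age using the update intervals given in the text."""
    age_days = (today - last_update).days
    if age_days <= 14:       # desirable: once every two weeks
        return "current"
    if age_days <= 90:       # permissible: once every three months (90 days assumed)
        return "permissible"
    return "stale"


# Constructed file contents standing in for scanned programs.
FILES = {
    "clean.exe": b"MZ" + b"\x00" * 16 + b"ordinary program body",
    "known.exe": b"MZ" + b"\x00" * 8 + b"SAMPLE-A-MARKER" + b"tail",
    "recent.exe": b"MZ" + b"\x00" * 4 + b"SAMPLE-B-MARKER",
}


def scan_all(release):
    """Scan every constructed file with the database of the given release."""
    db = database(release)
    return {name: scan(data, db) for name, data in FILES.items()}


if __name__ == "__main__":
    print("release 1:", scan_all(1))   # recent.exe is missed
    print("release 2:", scan_all(2))   # recent.exe is detected
    print(update_status(date(2024, 1, 1), date(2025, 1, 15)))
```

With the release 1 database the file `recent.exe` is reported clean, although nothing about the file differs between the two scans; only the database does.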

Methods and means of protecting information in networks

Under the protection of information in computer systems, it is customary to understand the creation and maintenance of an organized set of tools, methods, methods and measures designed to prevent distortion, destruction and unauthorized use of information stored and processed in electronic form.

Obstacle - a method of physically blocking the path of an attacker to the protected information (to equipment, storage media, etc.).

Access control - a way to protect information by regulating the use of all system resources (technical, software, time, etc.). These methods must resist all possible ways of unauthorized access to information. Access control includes the following security features:

  • identification of users, personnel and resources of the system (assigning a personal identifier to each object);
  • establishing the authenticity of an object or subject by the identifier presented by him;
  • verification of credentials;
  • permission and creation of working conditions within the established regulations;
  • registration (logging) of calls to protected resources;
  • response (alarm, shutdown, delay in work, refusal of a request, etc.) when attempting unauthorized actions.
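The access-control functions listed above, together with the earlier list that names day of week, time of day and requested resource as authorization criteria, can be combined into one reference monitor. This is an added example, not part of the original text; the class names, user and resource names, schedule and lockout threshold are constructed assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime

MAX_FAILURES = 3  # assumed lockout threshold for the "response" function


def _hash_password(password, salt):
    # Store a salted, iterated hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Regulation:
    """Established regulations for one user (all values are assumptions)."""
    resources: frozenset   # resources the user may request
    weekdays: frozenset    # permitted days, 0 = Monday ... 6 = Sunday
    start_hour: int        # first permitted hour (inclusive)
    end_hour: int          # end of the permitted window (exclusive)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    regulation: Regulation
    failures: int = 0
    locked: bool = False


class ReferenceMonitor:
    def __init__(self):
        self.accounts = {}
        self.audit_log = []

    def register(self, user_id, password, regulation):
        # Identification: assign a personal identifier to the subject.
        salt = os.urandom(16)
        self.accounts[user_id] = Account(salt, _hash_password(password, salt), regulation)

    def _log(self, when, user_id, resource, outcome):
        # Registration: every call to a protected resource is recorded.
        self.audit_log.append((when.isoformat(), user_id, resource, outcome))
        return outcome

    def request(self, user_id, password, resource, when):
        acct = self.accounts.get(user_id)
        if acct is None:
            return self._log(when, user_id, resource, "DENY unknown-identifier")
        if acct.locked:
            return self._log(when, user_id, resource, "DENY account-locked")

        # Authentication: constant-time comparison of the presented credential.
        presented = _hash_password(password, acct.salt)
        if not hmac.compare_digest(acct.pw_hash, presented):
            acct.failures += 1
            if acct.failures >= MAX_FAILURES:
                acct.locked = True  # Response: shut the account down.
                return self._log(when, user_id, resource,
                                 "DENY bad-credentials; account locked")
            return self._log(when, user_id, resource, "DENY bad-credentials")
        acct.failures = 0

        # Authorization check: resource, day of week, time of day.
        reg = acct.regulation
        if resource not in reg.resources:
            outcome = "DENY resource-not-permitted"
        elif when.weekday() not in reg.weekdays:
            outcome = "DENY day-not-permitted"
        elif not reg.start_hour <= when.hour < reg.end_hour:
            outcome = "DENY time-not-permitted"
        else:
            outcome = "ALLOW"  # Permission within the established regulations.
        return self._log(when, user_id, resource, outcome)


def demo():
    # Constructed scenario: one teller allowed on weekdays, 09:00-18:00.
    rm = ReferenceMonitor()
    rm.register("teller01", "correct horse",
                Regulation(frozenset({"accounts_db"}), frozenset(range(5)), 9, 18))
    monday_10 = datetime(2024, 3, 4, 10, 0)
    saturday_10 = datetime(2024, 3, 9, 10, 0)
    return [
        rm.request("teller01", "correct horse", "accounts_db", monday_10),
        rm.request("teller01", "correct horse", "accounts_db", saturday_10),
        rm.request("teller01", "wrong", "accounts_db", monday_10),
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Denials are logged as well as grants, so the audit log also records the unauthorized attempts that trigger the response step.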

Information masking is usually done by cryptographically closing it. Encryption mechanisms are increasingly used both in processing and in storing information on magnetic media. When transmitting information over long-distance communication channels, this method is the only reliable one.

Counteracting viruses (or attacks by various malicious programs) involves a set of organizational measures and the use of antivirus programs. The goals of the measures taken are to reduce the likelihood of IS infection; to identify the facts of system infection; to reduce the consequences of information infections; to localize or destroy viruses; and to recover information in the IS.

Regulation is the implementation of a system of organizational measures that determine all aspects of the information processing process.

Compulsion - a way of protection, in which users and IS personnel are forced to comply with certain rules for working with information (processing, transferring and using protected information) under the threat of material, administrative or criminal liability.

Motivation - a way of protection encouraging users and IS personnel not to violate the established procedures by observing the established moral and ethical standards.

The means of protecting information stored and processed in electronic form are divided into three independent groups: technical, software and social and legal. In turn, the entire set of technical means is subdivided into hardware and physical. Socio-legal means include organizational, legislative and moral and ethical.

Physical means include various engineering devices and structures that prevent the physical penetration of intruders into the objects of protection and protect personnel (personal security equipment), material and financial resources, information from illegal actions. Examples of physical means: locks on doors, bars on windows, electronic security alarms, etc.

Hardware - devices built directly into computing equipment, or devices that interface with it via a standard interface. These tools belong to the most secure part of the system. With their help, any security concept can be implemented, but the cost of implementation turns out to be an order of magnitude higher in comparison with software tools similar in purpose. If you have a choice, preference should be given to security hardware, since they exclude any interference with their work directly from the network. Studying the work of these tools is possible only if there is direct physical access to them. Another advantage of hardware is its greater performance compared to security software (especially when used in cryptographic security devices).

Software means are special programs and software systems designed to protect information in IS. They are the most common means, since they can be used to implement almost all ideas and methods of protection, and, in addition, they have a low cost compared to hardware. Almost all firewalls and most cryptographic protections are implemented using software-based security techniques. Their main disadvantage is their accessibility to hackers, especially with regard to widely used security tools on the market. According to their intended purpose, they can be divided into several classes:

  • user identification and authentication programs;
  • programs for determining the rights (powers) of users (technical devices);
  • programs for registering the work of technical means and users (maintaining the so-called system log);
  • programs for the destruction (erasure) of information after solving the corresponding tasks or when the user violates certain rules for information processing.

Information security software is often divided into means implemented in standard operating systems (OS) and security means in specialized information systems.

Cryptographic programs are based on the use of information encryption (coding) methods. These methods are quite reliable means of protection, significantly increasing the security of information transmission in networks.

Networks often use hardware and software protection tools. These are tools based on the use of technological devices that allow some adjustment of the parameters of their work by software methods. They represent a compromise between the previous two types of tools and combine the high performance of hardware-implemented means and the flexibility of software customization. Typical examples of this type of device are Cisco hardware routers that can be configured as packet filters.

Organizational and legislative means of information protection provide for the creation of a system of regulatory documents governing the development, implementation and operation of IS, as well as the responsibility of officials and legal entities for violation of established rules, laws, orders, standards, etc.

Organizational tools regulate production activities and the use of computers in the network and the relationship of performers on a regulatory and legal basis in such a way that disclosure, leakage and unauthorized access to confidential information becomes impossible or significantly hampered by organizational measures. The complex of these measures is implemented by the information security group, but must be under the control of the chief executive. Organizational arrangements should cover the design, implementation and operation of information systems. They provide the integration of all the used protective equipment into a single mechanism.

Legal remedies are determined by the legislative acts of the country, which regulate the rules for the use, processing and transmission of restricted information and establish measures of responsibility for violation of these rules. The main purpose of legislation is to prevent and deter potential violators.

Moral and ethical means of information protection are based on the use of moral and ethical standards prevailing in society. They include all sorts of norms of behavior that have developed traditionally, are developing as information technology spreads in the country and in the world, or are specially developed. Moral and ethical norms can be unwritten (for example, honesty), or formalized in a set (charter) of rules or regulations. These norms, as a rule, are not legally approved, but since non-compliance with them leads to a drop in the prestige of the organization, they are considered binding.

When using any information technology, you should pay attention to the availability of data protection means, programs, computer systems.

Data security includes ensuring the reliability of data and protecting data and programs from unauthorized access, copying, modification.

The reliability of the data is controlled at all stages of the technological process of EIS operation. A distinction is made between visual and software control methods. Visual control is performed at the pre-machine and final stages; software control, at the in-machine stage. At the same time, control is required when entering data and adjusting them, i.e. wherever there is user intervention in the computing process. Individual details, records, groups of records and files are controlled. Data validation software is specified at the detailed design stage.

Protection of data and programs from unauthorized access, copying, modification is implemented by software and hardware methods and technological methods. Software and hardware protection means include passwords, electronic keys, electronic identifiers, electronic signatures, data encryption and decoding tools. Cryptographic methods are used to encode, decode data, programs and electronic signatures. For example, the United States uses a cryptographic standard developed by the IETF group. It cannot be exported. Domestic electronic keys have been developed, for example, Novex Key for protecting programs and data in Windows, DOS, Netware systems. The means of protection are similar, according to experts, to a door lock. The locks are broken, but no one removes them from the door, leaving the apartment open.

Technological control consists in organizing a multi-level system for protecting programs and data both by means of checking passwords, electronic signatures, electronic keys, hidden file tags, using software products that meet the requirements of computer security, and by methods of visual and software control of the reliability, integrity, completeness of data.

The security of data processing depends on the security of the use of computer systems. A computer system is a set of hardware and software, various types of physical media, the data itself, as well as the personnel serving the listed components.

A standard for assessing the security of computer systems - criteria for evaluating suitability - has now been developed in the USA. It takes into account four types of computer system requirements:

· Security policy requirements - security policy;

· Keeping records of the use of computer systems - accounts;

· Trust in computer systems;

· Requirements for documentation.

Requirements for sequential security policies and keeping records of the use of computer systems depend on each other and are provided with the means incorporated in the system, i.e. security issues are incorporated into software and hardware at the design stage.

Violation of trust in computer systems is, as a rule, caused by a violation of the culture of program development: the abandonment of structured programming, non-exclusion of stubs, undefined input, etc. To test for trust, you need to know the architecture of the application, the rules for its sustainability, the test case.

Documentation requirements mean that the user must have comprehensive information on all issues. At the same time, the documentation should be concise and understandable.

Only after assessing the security of a computer system can it enter the market.

During the operation of an IS, viruses cause the greatest harm and loss. Virus protection can be organized in the same way as protection against unauthorized access. The protection technology is multi-layered and contains the following steps:

1. Incoming control of new software or diskette, which is carried out by a group of specially selected detectors, inspectors and filters. For example, you can include Scan, Aidstest, TPU 8CLS in the group. Quarantine mode can be carried out. For this, an accelerated computer calendar is created. With each subsequent experiment, a new date is entered and a deviation is observed in the old software. If there is no deviation, then the virus was not detected.

2. Segmentation of the hard drive. In this case, the Read Only attribute is assigned to individual disk partitions. For segmentation, you can use, for example, the Manager program, etc.

3. Systematic use of resident, auditor programs and filters to control the integrity of information, such as Check 21, SBM, Antivirus 2, etc.

4. Archiving. Both system and application programs are subject to it. If one computer is used by several users, then daily archiving is desirable. For archiving, you can use PKZIP, etc.
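Step 3 above (auditor programs that control the integrity of information) and the earlier capability "control over changes in file sizes and other attributes" both come down to comparing a stored baseline with the current state of the files. This is an added example, not the code of any of the programs named in the text; the file names and contents are constructed, and the SHA-256 content hash is an assumption that goes beyond the size and attribute checks the text mentions.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map relative path -> (size, mtime_ns, sha256) for each file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return state


def audit(baseline, current):
    """Compare two snapshots and return a sorted list of (path, finding)."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        elif old[2] != new[2]:
            # A size check alone would only catch the first of these two cases.
            if old[0] != new[0]:
                findings.append((path, "content and size changed"))
            else:
                findings.append((path, "content changed, size preserved"))
        elif old[1] != new[1]:
            findings.append((path, "timestamp changed only"))
    return findings


def demo():
    """Build a constructed directory, change it, and audit it against the baseline."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        write("editor.exe", b"A" * 64)
        write("report.doc", b"B" * 64)
        write("notes.txt", b"C" * 64)
        write("old.cfg", b"D" * 8)
        baseline = snapshot(root)

        # Constructed changes made after the baseline was taken.
        write("editor.exe", b"A" * 64 + b"appended block")   # file grows
        write("report.doc", b"B" * 32 + b"X" * 32)           # same length, new content
        notes = os.path.join(root, "notes.txt")
        st = os.stat(notes)
        os.utime(notes, ns=(st.st_atime_ns, st.st_mtime_ns + 10**10))  # attribute only
        os.remove(os.path.join(root, "old.cfg"))
        write("new.bin", b"E")

        return audit(baseline, snapshot(root))


if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

The `report.doc` case is the one a size-only monitor misses, which is why the baseline stores a content hash alongside the attributes; the baseline itself has to be kept where the monitored system cannot rewrite it.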

The effectiveness of software protections depends on the correctness of user actions, which can be performed in error or with malice. Therefore, the following organizational protection measures should be taken:

· General access control, including a password system and hard drive segmentation;

· Training of personnel in protection technology;

· Ensuring the physical security of the computer and magnetic media;

· Development of archiving rules;

· Storage of individual files in encrypted form;

· Creation of a recovery plan for the hard drive and damaged information.

To encrypt files and protect against unauthorized copying, many programs have been developed, for example Catcher, Exeb, etc. One of the protection methods is a hidden file label: the label (password) is written to a sector on the disk that is not read along with the file, while the file itself is located in another sector; thus the file cannot be opened without knowing the label.

Recovering information on a hard drive is a difficult task that only highly qualified system programmers can perform. Therefore, it is advisable to have several sets of floppy disks for the hard drive archive and to write to these sets cyclically. For example, you can use the week-month-year principle to write to three sets of floppy disks. Periodically, you should optimize the location of files on the hard drive using the Speed Disk utility, etc., which greatly facilitates their recovery.
