31.10.2023



Branch of the State Educational Institution of Higher Professional Education "MPEI (TU)" in Smolensk, 6th year student

METHODS OF VIOLATING THE SECURITY OF INFORMATION SYSTEMS

Currently, computers have become firmly established in the modern world, in all spheres of human activity and science, thereby creating the need to provide them with various software. Of course, this is primarily due to the development of electronic computer technology and its rapid improvement and implementation in various spheres of human activity.

The reason for such intensive development of information technology is the ever-increasing need for fast and high-quality information processing, the flow of which is constantly growing with the development of society.

Connecting computers in a network has significantly increased labor productivity. Computer networks are used both for production (or office) needs, and for training, communication, etc.

The widespread use of computer technologies in automated information processing and management systems has led to an aggravation of the problem of protecting information circulating in computer systems. There was a need to create a comprehensive intrusion detection system.

Intrusion detection systems are used to detect certain types of malicious activity that could disrupt computer system information security. Such activity includes network attacks against vulnerable services, attacks aimed at escalation of privileges, unauthorized access to sensitive files, and malicious software (computer viruses, Trojan horses and worms).

By a violation of information system security we understand one of the situations that a violator can bring about. These include:

· Interruption or disconnection.

Information is destroyed or becomes inaccessible or unusable; in this case the availability of information is violated. An example of such a violation is an intruder acting on network elements (communication lines (LC), switching nodes (MC), control devices, databases, etc.) in order to destroy them or render them inoperative.

· Interception.

Unauthorized access to information is opened. The confidentiality of transmitted information is violated. An example of this type of violation is unauthorized connection to a communication channel.

· Modification (distortion).

Unauthorized access to information is obtained for the purpose of changing it. In this case both the confidentiality of the transmitted information and its integrity are violated. The purpose of this type of violation is to change the information transmitted over the network.

· Falsification.

The offender poses as a source of information. In this case the authenticity of information is violated (the property that guarantees that a subject or resource is identical to the one declared). An example of this type of violation is sending fake messages over the network.

The above types of violations can be divided into two groups:

· active;

· passive.

An active influence on a distributed computing system is an impact that directly affects the operation of the system (a change in the configuration of the distributed computing system, disruption of its performance, etc.) and violates the security policy adopted in it. Almost all types of remote attacks are active influences. An obvious feature of active influence, compared to passive influence, is the fundamental possibility of detecting it, since its implementation causes certain changes in the system. This group includes:

· interruption - violation of accessibility and confidentiality;

· modification - violation of integrity;

· falsification - violation of authenticity.

Passive impact on a distributed computing system is an impact that does not directly affect the operation of the system, but may violate its security policy.

It is the lack of direct influence on the operation of a distributed computing system that makes passive remote influence almost impossible to detect. An example of a typical passive remote influence in a distributed computing system is listening to a communication channel in a network. With passive influence, unlike active influence, no traces are left (nothing will change if the attacker views someone else’s message in the system). It can be confidently stated that passive violations have as their ultimate goal a transition to the group of active violations.

Main goals of influence:

· violation of confidentiality of information or system resources;

· violation of information integrity;

· disruption of system performance (availability).

The goal of most attacks is to gain unauthorized access to information. There are two fundamental possibilities for accessing information: interception and distortion. In the first case, there is unauthorized access to information without the possibility of its distortion (passive influence).

Information distortion means complete control over the information flow between system objects or the ability to transmit messages on behalf of another object. It is obvious that distortion of information leads to a violation of its integrity, that is, it represents an active influence.

A fundamentally different goal of the attack is to disrupt the system. In this case, the main goal of the attacker is to ensure that the operating system on the attacked object fails and, therefore, for all other objects of the system, access to the resources of this object would be impossible. An example of a remote attack, the purpose of which is to disrupt the functionality of the system, is a standard denial of service attack.

Attacks can also be classified based on the condition for the impact to begin. Remote influence, just like any other, can begin to occur only under certain conditions. In distributed computing systems, there are three types of conditions for starting a remote attack:

· attack on request from the attacked object;

· attack upon the occurrence of an expected event on the attacked object;

· unconditional attack.

In the first case, the attacker waits for a request of a certain type to be sent from the potential target of the attack; this request is the condition for the beginning of the impact. It is important to note that this type of remote attack is the most typical for distributed computing systems.

In the second case, the attacker constantly monitors the state of the operating system of the remote target of the attack, and when a certain event occurs in this system, it begins to influence it. As in the previous case, the initiator of the attack is the attacked object itself.

In the third case, the start of the attack is unconditional in relation to the target of the attack, that is, the attack is carried out immediately and regardless of the state of the system and the attacked object. Therefore, in this case, the attacker is the initiator of the attack.


Topic 2 - Information security threats

The concepts of a security threat, a security object and the vulnerabilities of an object were introduced earlier. To fully represent the interaction between a threat and the protected object, we introduce the concepts of the source of the threat and the attack.

Threat to the security of an object: a possible impact on the object that may directly or indirectly damage its security.

Source of a threat: a potential anthropogenic, technogenic or natural source of security threats.

Vulnerability of an object: the reasons inherent in the object that lead to a violation of the security of information at the object.

Attack: the possible consequences of a threat when the source of the threat acts through existing vulnerabilities. An attack is always a "source-vulnerability" pair that implements a threat and leads to damage.

Figure 2.1

Suppose a student goes to school every day and on the way crosses the roadway in the wrong place. One day he is hit by a car, which causes him damage: he becomes unable to work and cannot attend classes. Let us analyze this situation. The consequences in this case are the losses that the student suffered as a result of the accident. The threat is the car that hit the student. The vulnerability is that the student crossed the roadway at a place not designated for crossing. And the source of the threat in this situation is whatever force did not allow the driver to avoid hitting the student.

With information, things are not much more complicated. There are not so many threats to information security. A threat, as follows from the definition, is the danger of causing damage; that is, the definition establishes a strict connection between technical problems and the legal category of "damage".

Manifestations of possible damage may vary:

Moral and material damage to the business reputation of organizations;

Moral, physical or material damage associated with the disclosure of personal data of individuals;

Material (financial) damage from disclosure of protected (confidential) information;

Material (financial) damage from the need to restore damaged protected information resources;

Material damage (losses) from the inability to fulfill assumed obligations to a third party;

Moral and material damage from disruption of the organization’s activities;

Material and moral damage from violation of international relations.

Threats to information security are violations in ensuring:

1. Confidentiality;

2. Availability;

3. Integrity.

Confidentiality of information is the property of information to be known only to its authenticated legitimate owners or users.

Confidentiality violations:

Theft (copying) of information and means of processing it;

Loss (unintentional loss, leakage) of information and means of processing it.

Availability of information is the property of information to be accessible to its authenticated legitimate owners or users.

Accessibility violations:

Blocking information;

Destruction of information and means of processing it.

Integrity of information is the property of information to remain unchanged in its semantic sense when exposed to accidental or intentional distortions or destructive influences.

Violations in ensuring integrity:

Modification (distortion) of information;

Denial of the authenticity of information;

Imposing false information.

The carriers of information security threats are the sources of threats. Both subjects (persons) and objective phenomena can act as sources of threats. Moreover, sources of threats can be located both inside the protected organization (internal sources) and outside it (external sources).

All sources of information security threats can be divided into three main groups:

1. Caused by the actions of a subject (anthropogenic sources of threats).

2. Caused by technical means (technogenic sources of threats).

3. Caused by natural sources.

Anthropogenic sources of information security threats are subjects whose actions can be classified as intentional or accidental offenses. Only in this case can we speak of causing damage. This group is the most extensive and is of the greatest interest from the point of view of organizing protection, since the actions of a subject can always be assessed and predicted, and adequate measures can be taken. Methods of counteraction in this case are manageable and depend directly on the will of those organizing information security.

An anthropogenic source of threats can be any subject who has access (authorized or unauthorized) to work with the standard means of the protected object. Subjects (sources) whose actions may lead to a violation of information security can be both external and internal. External sources may be accidental or deliberate and have varying levels of expertise.

Internal subjects (sources), as a rule, are highly qualified specialists in the development and operation of software and hardware; they are familiar with the specifics of the tasks being solved, with the structure, basic functions and operating principles of software and hardware information security tools, and have the ability to use standard equipment and the technical means of the network.

It is also necessary to take into account that a special group of internal anthropogenic sources consists of persons with mental disorders and specially deployed and recruited agents, who may be from among the main, auxiliary and technical personnel, as well as representatives of the information security service. This group is considered as part of the sources of threats listed above, but the methods of countering threats for this group may have their own differences.

The second group contains sources of threats determined by technocratic human activity and the development of civilization. However, the consequences caused by such activities are beyond human control and exist on their own. This class of sources of threats to information security is especially relevant in modern conditions, since in the current conditions experts expect a sharp increase in the number of man-made disasters caused by the physical and moral obsolescence of the equipment used, as well as the lack of material resources to update it. Technical means that are sources of potential threats to information security can also be external and internal.

The third group of sources of threats is united by circumstances that constitute force majeure, that is, circumstances that are objective and absolute in nature and apply to everyone. Force majeure in legislation and contractual practice includes natural disasters and other circumstances that cannot be foreseen or prevented, or can be foreseen but cannot be prevented at the current level of human knowledge and capabilities. Such sources of threats are completely unpredictable, and therefore measures to protect against them must always be applied.

Natural sources of potential threats to information security are, as a rule, external to the protected object and are understood, first of all, as natural disasters.

The classification and list of threat sources are given in Table 2.1.

Table 2.1 - Classification and list of sources of information security threats

Anthropogenic sources
  External: criminal structures; potential criminals and hackers; unfair partners; technical staff of telecommunications service providers; representatives of supervisory organizations and emergency services; representatives of law enforcement agencies.
  Internal: key personnel (users, programmers, developers); information security representatives (administrators); support staff (cleaners, security guards); technical personnel (life support, operation).

Technogenic sources
  External: means of communication; utility networks (water supply, sewerage); transport.
  Internal: poor-quality technical means of information processing; poor-quality information processing software; auxiliary equipment (security, alarm, telephony); other technical means used in the institution.

Natural sources
  External: fires; earthquakes; floods; hurricanes; magnetic storms; radioactive radiation; various contingencies; unexplained phenomena; other force majeure circumstances.

All threat sources present varying degrees of danger, expressed by a danger coefficient K_d, which can be quantified by ranking them. The degree of danger is assessed using indirect indicators.

The following can be selected as comparison criteria (indicators):

Possibility of the source (K1): the degree of access to the means of exploiting a vulnerability for anthropogenic sources, the distance from the vulnerability for technogenic sources, or the features of the situation for random sources;

Readiness of the source (K2): the degree of qualification and the attractiveness of committing the act for anthropogenic sources, or the presence of the necessary conditions for technogenic and natural sources;

Fatality (K3): the degree to which the consequences of the threat are unavoidable.

Each indicator is assessed by an expert-analytical method on a five-point scale, where 1 corresponds to the minimum influence of the assessed indicator on the danger of the source and 5 to the maximum.

The coefficient K_d for a particular source can be defined as the ratio of the product of the above indicators to their maximum possible product (125): K_d = (K1 · K2 · K3) / 125.

Threats, as possible dangers of an action directed against the object of protection, do not manifest themselves on their own, but only through vulnerabilities that lead to a violation of information security at a specific object of informatization.

Vulnerabilities are inherent in the object of informatization, are inseparable from it, and are determined by shortcomings in its operating processes, by the architecture of its automated systems, by the exchange protocols and interfaces used by its software and hardware platform, and by its operating conditions and location.

Sources of threats can use vulnerabilities to violate the security of information, obtain illegal benefits (causing damage to the owner, possessor, user of information). In addition, non-malicious actions by threat sources to activate certain vulnerabilities that cause harm are possible.

Each threat can be associated with different vulnerabilities. Elimination or significant mitigation of vulnerabilities affects the possibility of information security threats being realized.

Information security vulnerabilities can be:

Objective;

Subjective;

Random.

Objective vulnerabilities depend on the design features and technical characteristics of the equipment used at the protected object. Complete elimination of these vulnerabilities is impossible, but they can be significantly mitigated by technical and engineering methods of fending off threats to information security.

Subjective vulnerabilities depend on the actions of employees and are mainly eliminated by organizational and software and hardware methods.

Random vulnerabilities depend on the characteristics of the environment surrounding the protected object and unforeseen circumstances. These factors, as a rule, are little predictable and their elimination is possible only by carrying out a set of organizational, engineering and technical measures to counter threats to information security.

The classification and list of information security vulnerabilities are given in Table 2.2.

Table 2.2 - Classification and list of information security vulnerabilities

Objective vulnerabilities
  Emissions accompanying technical means
    Electromagnetic: spurious emissions of elements of technical equipment; cable lines of technical means; radiation at generator frequencies; radiation at the self-excitation frequencies of amplifiers.
    Electrical: induction of electromagnetic radiation onto lines and conductors; leakage of signals into the power supply circuit and the ground circuit; uneven current consumption from the power supply.
    Sound: acoustic; vibroacoustic.
  Activated
    Hardware implants that can be installed: in telephone lines; in the power supply; in the premises; in technical means.
    Software implants: malware; technological exits (back doors) in programs; illegal copies of software.
  Determined by the characteristics of the elements
    Elements with electroacoustic transformation: telephone sets; loudspeakers and microphones; inductors; chokes; transformers, etc.
    Elements exposed to electromagnetic fields: magnetic media; microcircuits; nonlinear elements subject to RF interference.
  Determined by the characteristics of the protected object
    Location of the object: no controlled area; direct line of sight to the objects; remote and mobile elements of the object; vibrating reflective surfaces.
    Organization of information exchange channels: use of radio channels; global information networks; leased channels.

Subjective vulnerabilities
  Errors (negligence)
    When preparing and using software: when developing algorithms and software; when installing and loading software; when using software; when entering data (information); when setting up universal system services; self-learning (self-adjusting) complex systems.
    When using technical equipment: when switching technical means on and off; when using technical security means.
    Incompetent actions: when configuring and managing a complex system; when setting up software; when organizing the management of information exchange flows; when setting up technical means; when setting up standard software protection tools.
    Unintentional actions: damage (deletion) of software; damage (deletion) of data; damage (destruction) of storage media; damage to communication channels.
  Violations
    Of security and protection regimes: access to the facility; access to technical means; confidentiality.
    Of the operating mode of hardware and software: energy supply; life support; installation of non-standard equipment; installation of non-standard software (games, educational, technological).
    Of the use of information: processing and exchange of information; storage and destruction of storage media; destruction of production waste and rejects.
  Psychogenic
    Psychological: antagonistic relationships (envy, bitterness, resentment); dissatisfaction with one's situation; dissatisfaction with the actions of management (discipline, dismissal); psychological incompatibility.
    Mental: mental disorders; stressful situations.
    Physiological: physical condition (fatigue, pain); psychosomatic condition.

Random vulnerabilities
  Failures and faults
    Failures and faults of technical equipment: for processing information; for ensuring the functioning of information processing facilities; for providing security and access control.
    Aging and demagnetization of storage media: floppy disks and removable media; hard drives; microcircuit elements; cables and connecting lines.
    Software faults: operating systems and DBMS; application programs; service programs; antivirus programs.
    Power failures: information processing equipment; support and auxiliary equipment.

All vulnerabilities likewise present varying degrees of danger, expressed by a danger coefficient K_d, which can be quantified by ranking them.

In this case, you can choose as comparison criteria:

Fatality (K4): the degree to which the vulnerability makes the consequences of the threat unavoidable;

Availability (K5): the possibility of exploiting the vulnerability by a threat source;

Quantity (K6): the number of elements of the object that are characterized by the given vulnerability.

The coefficient K_d for an individual vulnerability can be defined as the ratio of the product of the above indicators to their maximum possible product (125): K_d = (K4 · K5 · K6) / 125.
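The scoring described above for threat sources (K1, K2, K3) and for vulnerabilities (K4, K5, K6), as an added example that is not part of the original text: the three five-point expert scores are validated, multiplied and divided by 125, and the sources and vulnerabilities are ranked by the resulting coefficient. The item names follow Tables 2.1 and 2.2; the scores themselves are constructed for illustration.

```python
"""Danger coefficient K_d = (product of three five-point indicators) / 125."""
from dataclasses import dataclass
from typing import List, Sequence, Union

MAX_PRODUCT = 5 ** 3  # three indicators scored 1..5, so the maximum product is 125


def danger_coefficient(a: int, b: int, c: int) -> float:
    """Return (a * b * c) / 125 after checking every score is an integer from 1 to 5."""
    for score in (a, b, c):
        # bool is a subclass of int, so reject True/False explicitly
        if isinstance(score, bool) or not isinstance(score, int) or not 1 <= score <= 5:
            raise ValueError(f"indicator must be an integer from 1 to 5, got {score!r}")
    return (a * b * c) / MAX_PRODUCT


@dataclass(frozen=True)
class ThreatSource:
    name: str
    group: str      # "anthropogenic", "technogenic" or "natural" (Table 2.1)
    location: str   # "external" or "internal" (Table 2.1)
    k1: int         # possibility of the source
    k2: int         # readiness of the source
    k3: int         # fatality of the consequences

    @property
    def danger(self) -> float:
        return danger_coefficient(self.k1, self.k2, self.k3)


@dataclass(frozen=True)
class Vulnerability:
    name: str
    kind: str       # "objective", "subjective" or "random" (Table 2.2)
    k4: int         # fatality
    k5: int         # availability (exploitability by a threat source)
    k6: int         # quantity of object elements affected

    @property
    def danger(self) -> float:
        return danger_coefficient(self.k4, self.k5, self.k6)


Ranked = Union[ThreatSource, Vulnerability]


def rank_by_danger(items: Sequence[Ranked]) -> List[Ranked]:
    """Most dangerous first; ties are broken by name so the order is deterministic."""
    return sorted(items, key=lambda item: (-item.danger, item.name))


# Constructed, illustrative scores (not taken from the text); a real assessment
# would come from the expert-analytical method the text describes.
SAMPLE_SOURCES = [
    ThreatSource("Criminal structures", "anthropogenic", "external", 3, 4, 4),
    ThreatSource("Key personnel (users, programmers)", "anthropogenic", "internal", 5, 3, 4),
    ThreatSource("Utility networks (water, sewerage)", "technogenic", "external", 2, 2, 3),
    ThreatSource("Fires", "natural", "external", 1, 2, 5),
]

SAMPLE_VULNERABILITIES = [
    Vulnerability("Errors when setting up system services", "subjective", 4, 4, 3),
    Vulnerability("Spurious emissions of equipment", "objective", 2, 2, 4),
    Vulnerability("Power failures", "random", 3, 3, 2),
]

if __name__ == "__main__":
    for item in rank_by_danger(SAMPLE_SOURCES) + rank_by_danger(SAMPLE_VULNERABILITIES):
        print(f"{item.danger:.3f}  {item.name}")
```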

An information security intruder model is a set of assumptions about one or more possible violators of information security: their qualifications, their technical and material means, etc.

A properly designed intruder model is a guarantee of building an adequate information security system. Based on the constructed model, an adequate information security system can then be built.

Most often an informal model of the intruder is built, reflecting the reasons and motives for his actions, his capabilities, a priori knowledge, the goals pursued and their priority for the violator, and the main ways of achieving those goals: methods of implementing the threats emanating from him, the place and nature of the action, possible tactics, etc. To achieve his goals, the violator must make certain efforts and spend certain resources.

Having identified the main reasons for violations, it becomes possible to influence them or, where necessary, to adjust the requirements for the protection system against this type of threat. When analyzing security violations, attention must be paid to the subject (the person) of the violator. Eliminating the reasons or motives that prompted the violation can help avoid a recurrence of a similar incident in the future.

There may be more than one model; it is advisable to build several different models of different types of information security violators of the protected object.

To build the intruder model, one uses information received from security services and analytical groups, data on the existing means of accessing and processing information, on possible methods of intercepting data at the stages of its transmission, processing and storage, on the situation in the team and at the protected site, information about competitors and the market situation, information security violations that have already taken place, etc.

In addition, the real operational and technical capabilities of an attacker to influence the protection system or the protected object are evaluated. Technical capabilities here mean the list of various technical means that an offender may have while committing actions directed against the information security system.

Intruders may be internal or external.

Among internal violators, we can primarily highlight:

Direct users and operators of the information system, including managers at various levels;

Administrators of computer networks and information security;

Application and system programmers;

Security officers;

Technical personnel for building maintenance and computer equipment, from cleaners to service engineers;

Support staff and temporary workers.

Among the reasons that motivate employees to engage in unlawful actions are the following:

Irresponsibility;

User and administrator errors;

Demonstration of one's superiority (self-affirmation);

"Fight against the system";

Selfish interests of system users;

Disadvantages of the information technologies used.

The group of external violators may include:

Clients;

Invited visitors;

Representatives of competing organizations;

Employees of departmental supervision and management bodies;

Access control violators;

Observers outside the protected area.

In addition, classification can be carried out according to the following parameters.

Methods and means used:

Collection of information and data;

Passive interception means;

Use of tools included in the information system or its protection system and their shortcomings;

Active modification of existing information processing tools, connection of new tools, use of specialized utilities, introduction of software implants and "back doors" into the system, connection to data transmission channels.

The offender’s level of knowledge regarding the organization of the information structure:

Typical knowledge of methods for constructing computer systems, network protocols, use of a standard set of programs;

High level of knowledge of network technologies, experience working with specialized software products and utilities;

High knowledge in programming, system design and operation of computer systems;

Possession of information about the means and mechanisms of protection of the attacked system;

The offender was a developer or took part in the implementation of an information security system.

Time of information impact:

At the time of information processing;

At the time of data transfer;

In the process of storing data (taking into account the operating and non-operating states of the system).

By location of impact:

Remotely using interception of information transmitted over data channels, or without its use;

Access to the protected area;

Direct physical contact with computer equipment, within which the following can be distinguished: access to workstations, access to enterprise servers, access to the administration, control and management systems of the information system, access to the management programs of the information security system.

Table 2.3 shows examples of models of information security violators and their comparative characteristics.

Table 2.3 - Comparative characteristics of several intruder models

Computing power of technical means
  Lone hacker: personal computer
  Hacker group: LAN, use of other people's computer networks
  Competitors: powerful computing networks
  Government agencies, special services: unlimited computing power

Internet access, type of access channels
  Lone hacker: modem or leased line
  Hacker group: use of someone else's high-bandwidth channels
  Competitors: own high-bandwidth channels
  Government agencies, special services: independent control over Internet traffic routing

Financial capabilities
  Lone hacker: severely limited
  Hacker group: limited
  Competitors: great capabilities
  Government agencies, special services: virtually unlimited

Level of knowledge in the field of IT
  Lone hacker: low
  Hacker group: high
  Competitors: high
  Government agencies, special services: high, developers of standards

Technologies used
  Lone hacker: ready-made programs, known vulnerabilities
  Hacker group: search for new vulnerabilities, production of malware
  Competitors: modern methods of penetrating information systems and influencing the data flows in them
  Government agencies, special services: thorough knowledge of information technology, its possible vulnerabilities and shortcomings

Knowledge of how the facility's protection system is built
  Lone hacker: insufficient knowledge of how the information system is built
  Hacker group: may make efforts to understand how the security system operates
  Competitors: may make efforts to understand the operating principles of the security system and introduce their own representative into the security service
  Government agencies, special services: during certification of the system, representatives of government agencies can receive fairly complete information about its construction

Pursued goals
  Lone hacker: experiment
  Hacker group: introducing distortions into the operation of the system
  Competitors: blocking the functioning of the system, undermining the image, ruin
  Government agencies, special services: unpredictable

Nature of action
  Lone hacker: hidden
  Hacker group: hidden
  Competitors: hidden or openly demonstrative
  Government agencies, special services: may not bother hiding their actions

Penetration depth
  Lone hacker: most often stops after the first successful impact
  Hacker group: until the goal is achieved or a serious obstacle appears
  Competitors: until the bitter end
  Government agencies, special services: nothing can stop them

Research into the problems of ensuring information security and methods for preventing violations in this area has highlighted the need to more deeply understand the issues of information conflicts, which often lead to more serious consequences than simply fixing an obvious conflict and waiting for it to fade or develop into an offense.

“Conflict translated from Latin,” says Professor T. A. Polyakova, “is a clash of opposing goals, interests, positions, opinions or views of opponents or subjects of interaction.” Such contradictions when building an information society are inevitable, diverse and comprehensive.

Considering conflicts as a form of contradiction objectified in the relations of subjects, we drew attention to the fact that conflicts arise both in the social sphere and in the information system, in the information infrastructure. They can be both negative in relation to the problems being solved by society, and positive, pushing responsible subjects to search for new or more advanced solutions. A conflict can act as a motive for an offense if it is not taken into account in the process of identifying it. Most often, conflicts manifest themselves in the legislation itself due to its weak consistency and insufficiently thorough preparation of draft regulations, as well as omissions in the processes of law enforcement and execution of legislative acts.

Conflicts in the field of lawmaking are very significant in the context of cultural diversity and of ignoring historical factors in the implementation of established rules, and of a lack of understanding of the balance and consistency of actions in relations between state authorities and local governments, legal leaders and citizens. Conflicts arise due to non-compliance with the rules for working with information technologies and information resources, and failure to comply with the requirements for communication systems. Methods for resolving conflicts differ and depend on the causes and the area in which they arise. They can be resolved administratively, officially, or through peaceful interaction between the parties, but they can also be brought to judicial review. In any case, the presence of a conflict that has been identified and recorded is a condition for preventing more serious situations. We can say that behind each form of violation of information security rules there lie identified or undetected conflicts of an objective or subjective nature. In this regard, in 2008 a theoretical seminar was held at the IGP RAS on the topic "Conflicts in the Information Sphere", the materials of which were published in a collection of articles and speeches of its participants under the same name.

Not all types of conflicts develop into offenses, or even more so into crimes.

Taking into account the significance of conflict in the area of social relations under consideration, it is important to formulate the concept of a legally significant conflict in the information environment (sphere) as follows. A legally significant conflict is the creation of a situation of instability in the exercise of the legitimate rights and interests of citizens, the state, society and individual organizations in their information environment: a situation that reduces the level of security, including one leading to the emergence of threats, risks and destruction in the information infrastructure itself or in the sphere of the rights of the subjects participating in information relations and processes. This was covered in the previous chapters of the textbook, as well as in the works of S.I. Semiletov. Let us note that conflicts undermine the importance of information in the process of building an informational, civil, democratic, social, sustainable, legal and humane society.

An information security threat is understood as an accidental or intentional human activity or physical phenomenon that can lead to a violation of information security. Next, the main types and aspects of information security threats are discussed.

2.2.1 Classification of information security threats

The entire set of potential threats to information security, according to the nature of their occurrence, can be divided into two classes (Figure 7): natural (objective) and artificial (subjective).

Figure 7 - Security threats

Natural threats are threats caused by the impact on an automated system and its elements of objective physical processes or natural phenomena that do not depend on humans.

Man-made threats are threats to information security caused by human activity. Among them, based on the motivation of actions, we can highlight:

1. Unintentional (unintended, accidental) threats caused by errors in the design of the automated system and its elements, errors in software, errors in personnel actions, etc.

2. Deliberate (intentional) threats associated with the selfish aspirations of people (attackers).

Sources of threats to an automated system can be external or internal. Internal threats are realized by components of the information system itself - hardware and software or personnel.

The main unintentional artificial threats to information security include actions committed by people accidentally, out of ignorance, inattention or negligence, out of curiosity, but without malicious intent:

1. Unintentional actions leading to partial or complete failure of the system or destruction of hardware, software, information resources of the system (unintentional damage to equipment, deletion, distortion of files with important information or programs, including system ones, etc.).

2. Illegal shutdown of equipment or changing operating modes of devices and programs.

3. Unintentional damage to storage media.

4. Launching technological programs that, if used incompetently, can cause a loss of system functionality (freezes or loops) or carry out irreversible changes in the system (formatting or restructuring of storage media, deleting data, etc.).

5. Illegal introduction and use of unregistered programs (game, educational, technological, etc., which are not necessary for the violator to perform his official duties) with subsequent unreasonable expenditure of resources (processor load, seizure of RAM and memory on external media).

6. Infecting a computer with viruses.

7. Careless actions leading to the disclosure of confidential information or making it publicly available.

8. Disclosure, transfer or loss of access control attributes (passwords, encryption keys, identification cards, passes).

9. Design of system architecture, data processing technologies, development of application programs with capabilities that pose a danger to system performance and information security.

10. Ignoring organizational restrictions (established rules) when working in the system.

11. Logging into the system bypassing security measures (loading a foreign operating system from removable magnetic media, etc.).

12. Incompetent use, configuration or illegal disabling of protection by security personnel.

13. Sending data to the wrong subscriber (device) address.

14. Entering incorrect data.

15. Unintentional damage to communication channels.

The main intentional man-made threats include:

1. Physical destruction of the system (by explosion, arson, etc.) or failure of all or some of the most important components of the computer system (devices, carriers of important system information, personnel, etc.).

2. Shutting down or disabling the subsystems that support the functioning of computer systems (power supply, cooling and ventilation, communication lines, etc.).

3. Actions to disorganize the functioning of the system (changing operating modes of devices or programs, strikes, sabotage of personnel, setting up powerful active radio interference at the operating frequencies of system devices, etc.).

4. Incorporation of agents into the system personnel (including, possibly, the administrative group responsible for security).

5. Recruitment (by bribery, blackmail, etc.) of personnel or individual users with certain powers.

6. Use of listening devices, remote photography and video recording, etc.

7. Interception of side electromagnetic, acoustic and other radiation from devices and communication lines, as well as interference from active radiation to auxiliary technical means not directly involved in information processing (telephone lines, power networks, heating, etc.).

8. Interception of data transmitted over communication channels and their analysis in order to determine exchange protocols, rules for entering into communication and user authorization and subsequent attempts to imitate them to penetrate the system.

9. Theft of storage media (magnetic disks, tapes, memory chips, storage devices and entire personal computers).

10. Unauthorized copying of storage media.

11. Theft of production waste (printouts, records, written off storage media, etc.).

12. Reading residual information from RAM and external storage devices.

13. Reading information from areas of RAM used by the operating system (including the security subsystem) or other users, asynchronously using the shortcomings of multitasking operating systems and programming systems.

14. Illegally obtaining passwords and other access control details (through agents, using the negligence of users, by brute force, by simulating the system interface, etc.) with subsequent disguise as a registered user (“masquerade”).

15. Unauthorized use of user terminals that have unique physical characteristics, such as workstation number on the network, physical address, address in the communication system, hardware encoding unit, etc.

16. Breaking the ciphers of cryptographic information protection.

17. Introduction of special hardware attachments, software implants (backdoors) and viruses, i.e. sections of programs that are not needed to implement the declared functions but allow one to overcome the security system and covertly and illegally access system resources in order to record and transmit critical information or disrupt the functioning of the system.

18. Illegal connection to communication lines for the purpose of working “between the lines”, using pauses in the actions of a legitimate user on his behalf, followed by entering false messages or modifying transmitted messages.

19. Illegal connection to communication lines for the purpose of directly replacing a legitimate user by physically disconnecting him after logging into the system and successful authentication, followed by entering misinformation and imposing false messages.

Most often, to achieve their goal, attackers use not one but a certain combination of the above methods.

This article makes an attempt to consider real threats to information security that may arise in modern conditions. It should be noted that the article does not claim to be a “textbook on information security”, and everything stated in it is solely the opinion of the author.

A traditional mistake of many managers of Russian companies is to underestimate or overestimate the threats to the information security of an enterprise. Often, they perceive IT security at best as one of the auxiliary measures to ensure security in general, and sometimes it is not given any significant role at all - they say that this is all the concern of system administrators. This option is typical primarily for small and partially for medium-sized companies. The second extreme - an overestimation of the importance of IT security - is found mainly among large companies and is characterized by elevating a set of measures to ensure IT security to the rank of a “hyperstrategy”, around which the main business strategy is built.

It's no secret that in the modern world, business is more or less dependent on information technology. The advantages of using IT for business are obvious: the speed and ease of generation, distribution, manipulation and retrieval of heterogeneous information, organizing it according to various criteria, ease of storage, the ability to access from almost anywhere in the world... All these advantages require well-established support and maintenance, which, in turn, imposes certain requirements on the basic IT infrastructure. On the other hand, information systems often contain information the disclosure of which is highly undesirable (for example, confidential information or information constituting a trade secret). Violation of the normal functioning of the infrastructure or gaining access to information located in the information system are threats to information security.

Thus, threats to an enterprise’s information security can be divided into several classes:

  • Availability threats
  • Integrity threats
  • Confidentiality threats

Availability threats are threats associated with an increase in the time it takes to obtain this or that information or information service. Availability disruption is the creation of conditions under which access to a service or information will be either blocked or possible for a time that will not ensure the fulfillment of certain business goals. Let's consider an example: if the server on which the information required for making a strategic decision is located fails, the property of information availability is violated. A similar example: in case of isolation for any reason (server failure, failure of communication channels, etc.) of the mail server, we can talk about a violation of the availability of the IT service “e-mail”. Particularly noteworthy is the fact that the cause of disruption of the availability of information or information service does not necessarily have to be the responsibility of the owner of the service or information. For example, in the example discussed above with a disruption in the availability of a mail server, the cause (failure of communication channels) may lie outside the area of responsibility of the server administrators (for example, failure of the main communication channels). It should also be noted that the concept of “availability” is subjective at each point in time for each of the subjects consuming the service or information at a given point in time. In particular, disruption of the availability of a mail server for one employee may mean the disruption of individual plans and loss of a contract, and for another employee of the same organization it may mean the inability to receive the latest news release.

Integrity threats are threats associated with the likelihood of modification of one or another information stored in an information system. Violation of integrity can be caused by various factors - from deliberate actions of personnel to equipment failure. Violation of integrity can be either intentional or unintentional (the cause of unintentional violation of integrity can be, for example, malfunctioning equipment).

Confidentiality threats are threats associated with access to information outside the access privileges available to that particular subject. Such threats can arise as a result of the “human factor” (for example, accidental delegation to one or another user of the privileges of another user), software and hardware failures.

The implementation of each of these threats individually or in combination leads to a violation of the information security of the enterprise.

As a matter of fact, all measures to ensure information security should be based on the principle of minimizing these threats.

All information security activities can be conditionally considered at two main levels: at the level of physical access to data and at the level of logical access to data, which are a consequence of administrative decisions (policies).

At the level of physical access to data, mechanisms for protecting data from unauthorized access and mechanisms for protecting against damage to physical storage media are considered. Protection against unauthorized access involves placing server equipment with data in a separate room, to which only personnel with appropriate authority have access. At the same level, it is possible to create a geographically distributed system of servers as a means of protection. The level of protection against physical damage involves the organization of various kinds of specialized systems that prevent such processes. These include server clusters and backup servers. When working in a cluster (for example, two servers), in the event of a physical failure of one of them, the second will continue to work, so the functionality of the computing system and the data will not be impaired. With the additional organization of a backup server, it is possible to quickly restore the computer system and data even if the second server in the cluster fails.

The level of protection against logical access to data involves protection from unauthorized access to the system (hereinafter in the text, a system is understood as an IT system designed for generating, storing and processing data of any class, from simple accounting systems to ERP-class solutions) both at the database level and at the level of the system core and user forms. Protection at this level involves taking measures to prevent access to the database both from the Internet and from the organization’s local network (the latter aspect of security has traditionally received little attention, although it is directly related to such a phenomenon as industrial espionage). Protecting the system kernel involves, along with the measures outlined above, calculating checksums of critical parts of executable code and periodically auditing these checksums. This approach allows you to increase the overall level of system security. (It should be noted that this measure is not the only one possible; it is given as an illustrative example.) Providing security at the level of user forms requires mandatory encryption of traffic transmitted over a local network (or over the Internet) between the client (user form) and the application (system kernel). Security at this level can also be ensured by calculating the checksums of these forms, followed by their verification, adopting the ideology of “separation of data and code.” For example, a system built using “thin client” technology has, from the point of view of ensuring security at this level, an advantage over a system built using “thick client” technology, since at the level of user forms it does not provide access to business logic code (for example, by disassembling the executable file).
The same level of protection includes the certification mechanism, when the exchange between the user form and the server, as well as the authenticity of the user form itself, is confirmed by a third participant in the exchange, a certification authority.

Similarly, at the level of logical access protection, at the database level it is advisable to calculate checksums of critical tables and maintain a log of object access to the database. In the ideal case (“thin client”), only the server application (business logic server) has access to the database, and all other (third-party) requests to the database are blocked. Such an approach eliminates several types of attacks and concentrates the database protection policy on ensuring security “at critical points.”
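The checksum audit described above for executable code, user forms and critical tables, as an added example that is not part of the original article. It assumes a SHA-256 baseline stored as JSON (file names and contents are constructed for the demo), and that the baseline is kept where the audited system cannot rewrite it.

```python
"""Added example (not from the article): a SHA-256 baseline of critical files
and a periodic audit against it. File names and contents are constructed for
the demo. Assumption worth stating: the baseline itself must live where the
audited code cannot rewrite it (read-only media or a signed store), or a
tamperer simply recomputes it."""
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large executables fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root, critical):
    """Map each critical file (path relative to root) to its digest."""
    return {name: file_digest(Path(root) / name) for name in critical}


def audit(root, baseline):
    """Compare the current state of the listed files against the baseline.
    Only the listed critical parts are checked, as the article describes."""
    result = {"modified": [], "missing": [], "ok": []}
    for name, expected in baseline.items():
        path = Path(root) / name
        if not path.exists():
            result["missing"].append(name)
        elif file_digest(path) != expected:
            result["modified"].append(name)
        else:
            result["ok"].append(name)
    return result


def demo():
    """Baseline three constructed files, then tamper with one and delete one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {
            "kernel.bin": b"\x7fELF business logic v1",
            "forms/login.ui": b"<form>login</form>",
            "forms/report.ui": b"<form>report</form>",
        }
        for name, data in files.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(data)
        # Persist the baseline as the periodic audit job would later read it back.
        (root / "baseline.json").write_text(json.dumps(build_baseline(root, files)))
        # Simulate an integrity violation: patch the kernel, remove a form.
        (root / "kernel.bin").write_bytes(b"\x7fELF business logic v1 (tampered)")
        (root / "forms/report.ui").unlink()
        return audit(root, json.loads((root / "baseline.json").read_text()))


if __name__ == "__main__":
    print(demo())  # {'modified': ['kernel.bin'], 'missing': ['forms/report.ui'], 'ok': ['forms/login.ui']}
```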

Protection at the level of administrative decisions includes administrative measures aimed at creating a clear and understandable policy regarding IT, IS, information security, etc. We can say that this level is primary in relation to the user, since it is protection at the level of administrative decisions that can prevent most critical situations related to information security.

Two more important issues related to security should be considered - methods and means of user authentication and logging of events occurring in the IS.

User authentication refers to the logical level of information security. The purpose of this procedure is, firstly, to tell the IS which user is working with it, so that it can grant that user the appropriate rights and interfaces; secondly, to confirm the rights of this particular user in relation to the IS. Traditionally, the authentication procedure comes down to the user entering a username (login) and password.

Quite often, in mission-critical applications, the username/password entry form is an application running in a secure software (less often, hardware) tunnel that unconditionally encrypts all information transmitted over the network. Unfortunately, the most common situation is when the username and password are transmitted over the network in clear text (for example, most of the well-known free email systems on the Internet work on this principle). In addition to software solutions (entering a username/password combination), there are also software and hardware solutions for user authentication. These include copy-protected floppy disks and USB drives with a key file (quite often in combination with entering a regular name/password to confirm authority for critical actions); write-once USB drives with a key file; iris scanners; fingerprint scanners; anthropometric systems. One option for increasing the degree of IS protection is to limit the password validity period and the time a user may remain inactive in the IS. Limiting the password lifetime means issuing a password that is valid only for a certain number of days: 30, 60, etc. Accordingly, with periodic password changes, the degree of security of the information system as a whole increases. Limiting user inactivity time involves automatically closing a user session if no user activity has been recorded in this session for a certain period of time.

Logging of all events occurring in the information system is necessary to obtain a clear picture of attempts at unauthorized access or of unqualified actions of personnel in relation to the information system. A frequent practice is the introduction into the IS of specialized modules that analyze system events and prevent destructive actions against the IS. Such modules can work on one of two premises: detection of intrusions and prevention of destructive actions. In the first case, the modules statistically analyze typical user behavior and raise an “alarm” on noticeable deviations (for example, an operator working at 22:30 for the first time in two years is definitely suspicious); in the second case, based on an analysis of the current user session, they try to prevent potentially destructive actions (for example, an attempt to delete any information).
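The statistical deviation check described above (an operator's first 22:30 login in two years), as an added example that is not part of the original article. The log line format, the user names and the two-year history are constructed for the demo.

```python
"""Added example (not from the article): flag a login at an hour the user has
essentially never worked, the "22:30 for the first time in two years" case.
Log format "<ISO time> user=<name> event=login" and all entries are
constructed for this demo; they are assumptions, not the article's."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) user=(\S+) event=login$")


def parse(line):
    """Return (user, timestamp) for a login line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return (m.group(2), datetime.fromisoformat(m.group(1))) if m else None


def build_profile(lines):
    """user -> Counter of login hour-of-day, learned from historical lines."""
    profile = defaultdict(Counter)
    for parsed in map(parse, lines):
        if parsed:
            user, ts = parsed
            profile[user][ts.hour] += 1
    return profile


def is_anomalous(profile, user, ts, min_history=20, max_share=0.02):
    """True when this hour accounts for at most max_share of the user's logins.
    Users with fewer than min_history logins are never flagged: without a
    baseline, a deviation cannot be told apart from normal variety."""
    hist = profile.get(user)
    if hist is None or sum(hist.values()) < min_history:
        return False
    return hist[ts.hour] / sum(hist.values()) <= max_share


def constructed_history():
    """Two years of an operator logging in at 09:00, 13:00 and 17:00 on weekdays."""
    start = datetime(2021, 1, 4)  # a Monday
    lines = []
    for day in range(2 * 365):
        d = start + timedelta(days=day)
        if d.weekday() < 5:  # skip weekends
            for hour in (9, 13, 17):
                lines.append(f"{d.replace(hour=hour).isoformat()} user=operator event=login")
    lines.append("2022-12-30T09:05:00 user=newhire event=login")  # too little history
    return lines


def demo():
    profile = build_profile(constructed_history())
    late, usual = datetime(2023, 1, 3, 22, 30), datetime(2023, 1, 3, 9, 4)
    return {
        "operator_late": is_anomalous(profile, "operator", late),
        "operator_usual": is_anomalous(profile, "operator", usual),
        "newhire_late": is_anomalous(profile, "newhire", late),
    }


if __name__ == "__main__":
    print(demo())  # {'operator_late': True, 'operator_usual': False, 'newhire_late': False}
```

A real deployment would keep the profile per weekday as well as per hour and refresh it as behaviour drifts; the share threshold trades missed alarms against noise.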

Note:

IS – information security

IT – information technologies

IS – information systems or information system (by context)

