TVs. Consoles. Projectors and accessories. Technologies. Digital TV

Forms and methods of protection from intruders. How to protect your computer from hackers. Technical methods and means of information security

Network protection from computer attacks- This is an ongoing and non-trivial task, but a number of simple security measures can stop most attempts to penetrate the network. Among such funds are the following:

1. Prompt installation of fixes (patches, patches) for programs running on the Internet. Often there are reports in the press and the Internet about the discovery of a security gap mail programs or Web browsers, and then their developers release patch programs. They must be used.

2. Anti-virus programs for detecting Trojan horses are indispensable for increasing security on any network. They monitor the operation of computers and detect malware on them.

3. Firewalls, or firewalls, are the most important means of protecting an enterprise network. They control network traffic entering and leaving the network. A firewall can block certain types of traffic from entering the network or perform certain checks on other types of traffic.

4. Password cracking programs are used by hackers to steal encrypted password files and then decrypt them to gain access to the user's computer. Therefore, measures should be taken to ensure that passwords are changed as often as possible and their length is as long as possible.

5. Attackers often penetrate networks by listening to network traffic in sensitive locations and extracting usernames and passwords from it. Therefore connections with remote machines password protected files must be encrypted.

6. Scanner programs have a large database of vulnerabilities, which they use when checking a particular computer for vulnerabilities. Both commercial and free scanners are available. For example, the Orge scanner (http://hackers.com/files/portscanners/ogre.zip) from Rhino9, which helps you hack your own network and detect invisible weaknesses that your administrator forgot about.

7. When installing a new one operating system Usually all network facilities are allowed, which is often not at all secure. This allows hackers to use many methods to attack a computer. Therefore, you need to make maximum use of the built-in protection of the operating system and its utilities.

8. Users often allow their computers to accept incoming messages. phone calls. For example, before leaving work, a user turns on the modem and configures the programs on the computer accordingly, after which he can make a call using the modem from home and use the corporate network. Hackers can use programs to call large numbers telephone numbers looking for computers that process incoming calls.

9. Review security advisories published by computer crime teams and software vendors about newly discovered vulnerabilities. These advisories typically cover the most serious threats posed by these vulnerabilities and are therefore quick to read but very helpful.

There is a lot of information on the Internet about how to gain access to someone else’s PC, how to find out information that is stored on the hard drive of another computer connected to the Internet. There are many different kinds of hackers who hack into other people's cars for fun. There are even more people doing this in order to collect information that will help them take advantage of your money.

How to protect yourself from such attacks? What should an average user do to protect their PC from such attackers? To do this, you need to have some information and follow simple precautions.

Firstly, try to use different passwords to access resources and sites on the Internet. When you use the same password on different resources, you increase the chances of various shady individuals hacking your profiles. And everyone. And God forbid, access to your email will be the same as to WebMoney wallet. The chances of losing all your electronic money will increase rapidly.

Secondly, install antivirus software on your PC. And you shouldn't skimp on free versions. After all, the functionality paid antivirus much more, protection is carried out in all directions, including blocking access for a hacker. And catching malicious spyware is the main task "police" our PC. For example, if you do not have an antivirus, your computer can easily get keylogger program. The functionality of such software allows it to run in background and track user actions by logging them. Thus, they intercept passwords, numbers credit cards and so on secret information. And then, with a certain frequency, they send the collected data to their creator. Preventing this from happening is the job of any antivirus. They block access to such software on your PC or catch them "by the tail", stopping the activity.

But how can a program like a keylogger even get onto your PC? After all, you probably didn’t install it yourself. Distribution methods include free or cracked programs with modified code, Email and etc.

In addition to Trojans, keyloggers and other similar methods, electronic thieves may ask you to follow a link in a letter from your bank. And there a fake website will be waiting for you and you will need to log in. Is it possible to get to "fishing rod" when they promise you something for free, for example, game currency, and in return they ask you to enter your registration data, supposedly to perform the necessary actions with your profile. If you believe, then you can say goodbye to your achievements in the game.

Keeping in mind the information provided and using up-to-date antivirus software, you will make it as difficult as possible for attackers to gain access to your computer.

Methods and means of protection computer information represent a set of various measures, hardware and software, moral, ethical and legal standards that are aimed at countering the threats of attackers and minimizing possible damage to system owners and information users.

Let's consider the following types of traditional measures to counteract information leakage from a computer.

Technical methods and means of information security

These include:

  • protection against unauthorized access to a computer system;
  • redundancy of all important computer subsystems;
  • organization of networks with the subsequent ability to redistribute resources if there is a malfunction of individual network links;
  • installation of detection equipment;
  • installation of water detection equipment;
  • adoption of a set of measures to protect against theft, sabotage, sabotage, and explosions;
  • installation reserve system power supply;
  • equipping the premises with locks;
  • installation of alarm systems, etc.

Organizational methods and means of information security

These include:

  • server security;
  • carefully organized personnel selection;
  • exception of such cases when everything is special important work performed by one person;
  • developing a plan for how to restore the server’s functionality in a situation where it fails;
  • universal means of protection from any user (even from senior management).

Methods and techniques for protecting information: authentication and identification

Identification is the assignment of a unique image or name to a subject or object. And authentication is a check of whether the subject/object is who it is trying to pretend to be. The ultimate goal of both measures is the admission of the subject/object to the information that is in limited use or refusal of such admission. The authenticity of an object can be carried out by a program, a hardware device, or a person. Objects/subjects of authentication and identification can be: technical means(workstations, monitors, subscriber stations), people (operators, users), information on the monitor, magnetic media, etc.

Methods and means of protecting information: using passwords

A password is a set of characters (letters, numbers, etc.) that is designed to identify an object/subject. When the question arises about which password to choose and set, the question always arises about its size and the method of applying resistance to selection by an attacker. It is logical that the longer the password, the more high level It will provide security to the system, since it will take much more effort to guess it/select the combination.

But even if it should be periodically changed to a new one, in order to reduce the risk of its interception in the event of direct theft of the media, either by making a copy from the media, or by forcibly forcing the user to say the “magic” word.

Today I want to move away from the usual focus of my materials and raise a topic that is, in my opinion, no less important than spiritual development or personal transformation...

I'm talking about the SECURITY of your computer and the information you store on it.

I don't consider myself a great expert in this issue, BUT I can give some timely recommendations.

I would be grateful if you add to the list of precautions in the comments to the article!

Activation of Unconditional Love by Chakras

These short meditations will help you activate Unconditional Self-Love in every chakra of your physical body.

* * * * *

P.S. I almost forgot... If you have children who actively use the Internet, know that you should conduct a full scan of your computer much more often antivirus programs. My daughter loves mail.ru toys, as a result, every month we catch dozens of viruses, fortunately she has her own laptop...

Small children should turn on the " Parental control”, which cuts off the opportunity to get to pornographic sites or sites with a dubious reputation.

Information today is an important resource, the loss of which is fraught with unpleasant consequences. The loss of confidential company data carries the threat of financial losses, since the information obtained can be used by competitors or attackers. To prevent such undesirable situations, all modern companies and institutions use information security methods.

Information systems (IS) security is a whole course that all programmers and specialists in the field of IS development take. However, know the types information threats and security technologies are necessary for everyone who works with sensitive data.

Types of information threats

The main type of information threat, against which an entire technology is created at every enterprise, is unauthorized access by attackers to data. Attackers plan criminal actions in advance, which can be carried out through direct access to devices or through a remote attack using programs specially designed to steal information.

In addition to the actions of hackers, companies often face situations of information loss due to disruption of software and hardware.

IN in this case classified materials do not fall into the hands of attackers, but they are lost and cannot be restored, or they take too long to recover. Crashes in computer systems may occur for the following reasons:

  • Loss of information due to damage to storage media – hard drives;
  • Errors in the operation of software;
  • Hardware malfunction due to damage or wear.

Modern methods of information protection

Data protection technologies are based on the application modern methods, which prevent information leakage and loss. Today there are six main methods of protection:

  • Let;
  • Disguise;
  • Regulation;
  • Control;
  • Compulsion;
  • Inducement.

All of these methods are aimed at building an effective technology that eliminates losses due to negligence and successfully repels various types of threats. An obstacle is a method of physical protection of information systems, thanks to which attackers are not able to enter the protected area.

Masking is a method of protecting information that involves converting data into a form that is not suitable for perception by unauthorized persons. Deciphering requires knowledge of the principle.

Management – ​​methods of protecting information in which all components are controlled information system.

Regulation is the most important method of protecting information systems, which involves the introduction of special instructions according to which all manipulations with protected data must be carried out.

Coercion – methods of information protection that are closely related to regulation, involving the introduction of a set of measures in which employees are forced to comply with established rules. If methods of influencing workers are used in which they follow instructions for ethical and personal reasons, then we are talking about motivation.

The video shows a detailed lecture on information security:

Information systems protection means

Methods of protecting information require the use of a certain set of tools. To prevent the loss and leakage of secret information, the following means are used:

  • Physical;
  • Software and hardware;
  • Organizational;
  • Legislative;
  • Psychological.

Physical information security measures prevent unauthorized persons from accessing the protected area. The main and oldest means of physical obstruction is the installation of strong doors, reliable locks, and bars on windows. To enhance information security, checkpoints are used where access control is carried out by people (guards) or special systems. In order to prevent information loss, it is also advisable to install a fire protection system. Physical means are used to protect data on both paper and electronic media.

Software and hardware are an indispensable component for ensuring the security of modern information systems.

Hardware is represented by devices that are built into equipment for processing information. Software tools – programs that repel hacker attacks. Software tools can also include software systems, performing the restoration of lost information. Using a complex of equipment and programs, it is ensured backup information – to prevent losses.

Organizational means are associated with several methods of protection: regulation, management, coercion. Organizational means include the development of job descriptions, conversations with employees, and a set of punishment and reward measures. With the effective use of organizational tools, enterprise employees are well aware of the technology of working with protected information, clearly perform their duties and are responsible for the provision of false information, leakage or loss of data.

Legislative measures are a set of regulations that regulate the activities of people who have access to protected information and determine the extent of responsibility for the loss or theft of classified information.

Psychological means are a set of measures to create personal interest among employees in the safety and authenticity of information. To create personal interest among staff, managers use different types of incentives. Psychological means also include building a corporate culture in which each employee feels like an important part of the system and is interested in the success of the enterprise.

Protection of transmitted electronic data

To ensure the security of information systems, methods of encryption and protection of electronic documents are actively used today. These technologies allow for remote data transfer and remote authentication.

Methods of protecting information by encryption (cryptographic) are based on changing information using secret keys of a special type. The technology of cryptography of electronic data is based on transformation algorithms, replacement methods, and matrix algebra. The strength of the encryption depends on how complex the conversion algorithm was. Encrypted information is reliably protected from any threats other than physical ones.

Electronic digital signature(EDS) – parameter electronic document, which serves to confirm its authenticity. Electronic digital signature replaces signature official on a paper document and has the same legal force. The digital signature serves to identify its owner and confirm the absence of unauthorized transformations. The use of digital signatures not only ensures information security, but also helps reduce the cost of document flow technology and reduces the time it takes to move documents when preparing reports.

Information systems security classes

The protection technology used and the degree of its effectiveness determine the security class of the information system. International standards distinguish 7 systems security classes, which are combined into 4 levels:

  • D – zero level security;
  • C – random access systems;
  • B – systems with forced access;
  • A – systems with verifiable safety.

Level D corresponds to systems in which protection technology is poorly developed. In such a situation, any unauthorized person has the opportunity to gain access to information.

Using underdeveloped security technology can lead to loss or loss of information.

Level C has the following classes – C1 and C2. Security class C1 involves separation of data and users. A certain group of users has access only to certain data; authentication is required to obtain information - verifying the authenticity of the user by asking for a password. With safety class C1, the system contains hardware and software protection. Systems with class C2 are supplemented with measures to guarantee user responsibility: an access log is created and maintained.

Level B includes security technologies that have Level C classes, plus a few extra ones. Class B1 assumes the presence of a security policy, a trusted computing base for managing security labels, and enforcing access control. In class B1, specialists carefully analyze and test the source code and architecture.

Safety class B2 is typical for many modern systems and assumes:

  • Providing security labels to all system resources;
  • Registration of events that are associated with the organization of secret memory exchange channels;
  • Structuring the trusted computing base into well-defined modules;
  • Formal security policy;
  • High system resistance to external attacks.

Class B3 assumes, in addition to class B1, notifying the administrator of attempts to violate security policy, analyzing the appearance of secret channels, having mechanisms for data recovery after a hardware failure or.

Level A includes one, highest class security - A. K this class refer to systems that have been tested and confirmed to comply with formal top-level specifications.

The video shows a detailed lecture on information system security:



Share with friends:
Related publications