
Educational program of secondary general education of the municipal budgetary educational institution “Soviet secondary school”. Problems of information security in computer systems. Technology of working with forms and graphic elements

Topic 3.6. Information security of network technology work

The concept of information security when working in a computer network. Organizational information security measures. Protecting information using antivirus programs. Protection from unwanted correspondence. Personal network filters. The concept and purpose of a firewall. Reliability of information from Internet resources.

Students should know:

basic information security measures when working on a computer network;

basic antivirus programs and technology for working with them;

basic measures used in anti-spam technology;

purpose of a firewall to protect information;

basic rules for ensuring the reliability of information obtained as a result of searching.

Students should be able to:

implement basic organizational information security measures on your own computer;

automatically update antivirus programs;

SECTION 4. INFORMATION TECHNOLOGY OF PRESENTING INFORMATION IN THE FORM OF PRESENTATIONS IN THE ENVIRONMENT POWERPOINT

Topic 4.1. Features of the presentation preparation software environment PowerPoint 2003

Features and scope of use of the PowerPoint application. Typical presentation objects. PowerPoint tool groups.

PowerPoint 2003 interface features compared to previous versions: quick help; task areas. Possibilities of technology for working with graphic objects. Characteristics of the “Photo Album” mode. Automatic text selection mode. Preview. Safety precautions for working in PowerPoint 2003.

Students should know:

purpose and functionality of the PowerPoint 2003 application;

PowerPoint 2003 Objects and Tools;

4.2. Information technology for creating a presentation using the Auto Content Wizard on the topic “Safety in the computer lab”

Filling out the presentation with information on the topic: searching for materials on the Internet; filling slides with text; design of slides with drawings and photographs.

Creating presentation controls: setting up an interactive table of contents using hyperlinks; providing a return to the table of contents; adding hyperlinks to Word documents; adding control buttons to all slides.

Designing an express test: creating questions and answers; setting up reactions to selected answers in the form of hyperlinks; return to the slide with questions; reprogramming the control button.

Adding animation effects: selecting animation effects; animation settings.

Students should know:

main objects of presentation;

purpose and types of presentation templates;

basic presentation controls;

technology for working with each presentation object.

Students should be able to:

create and design slides;

change slide settings;

select and configure animation of text and graphic objects;

insert sound and video clip into the presentation;

create presentation control elements: interactive table of contents, control buttons, hyperlinks.

4.3. Information technology for creating a presentation on social topics “Computer and schoolchildren’s health”

Workshop. Creation of the educational complex “Computer and health of schoolchildren”

Description of the purpose of the presentation “Computer and the health of schoolchildren” as a component of the project. Using Internet resources to select the necessary information for the presentation. Presentation creation technology. The technology for creating your own presentation background is creating and inserting a picture.

Students should know:

the purpose and main content of SanPiN regulatory documents on working on computers;

technology for working in PowerPoint 2003.

Students should be able to:

independently select the necessary information for the selected presentation topic, using Internet resources;

create your own presentation for any topic.

SECTION 5. INFORMATION TECHNOLOGY OF DATA PROCESSING IN A TABLE PROCESSOR ENVIRONMENT EXCEL

5.1. Statistical processing of data array and diagramming

Workshop. Statistical study of data arrays using the example of solving the problem of processing the results of entrance exams. Statement and description of the problem.

Technology for processing statistical data (data array) on a selected topic: determining the composition of applicants by work experience; determination of average score; determination of the regional composition of applicants; determination of the composition of applicants by type of entrance examination.

Analysis of the results of statistical data processing: determination of the number of applicants in areas of study; study of the age of applicants; research into the popularity of various areas of study among boys and girls; compiling lists of applicants enrolled in universities in selected areas of study.

Students should know:

purpose and rules for the formation of logical and simple statistical functions;

presentation of statistical processing results in the form of different types of diagrams;

how to properly structure information for statistical data processing and analysis.

Students should be able to:

apply technology for generating logical and simple statistical functions;

use technology for presenting information in the form of diagrams;

analyze the obtained results of processing data sets.

5.2. Data accumulation and processing technology

Workshop. Mastering the technology of data accumulation using the example of creating a test shell on the topic “Can you become a successful businessman?” Statement of the problem of developing an information system for a test survey.

Test shell development technology: design of the test area; design of the response area; creating and customizing response forms.

Technology for processing test results: contacting the test taker; generating a block of outputs using logical formulas.

Students should know:

technology for creating interactive shells;

rules for forming logical formulas.

Students should be able to:

create test shells;

use forms to enter data into the table;

work with several pages of a book;

develop and use logical formulas;

enter, accumulate and process data.

5.3. Automated data processing using questionnaires

Workshop. Mastering the technology of automated processing of questionnaires using the example of conducting a questionnaire as part of a competition for the position of presenter of a music program. Statement of the problem.

User interface development technology: design of the applicant’s application form template; creation of assessment forms entered into the questionnaire by jury members; setting up assessment forms.

Technology for organizing data accumulation and processing: creating macros; creating control buttons; summing up the results of the competition and constructing diagrams.

Students should know:

technology for automated data processing using questionnaires;

the concept of a macro and the technology of its creation and use.

Students should be able to:

create templates for registering data in the form of a questionnaire;

customize data entry forms;

create macros;

organize data accumulation;

process accumulated data and present information in the form of diagrams.

SECTION 6. INFORMATION TECHNOLOGY FOR PROJECT DEVELOPMENT

6.1. An idea of the main stages of project development

Project concept. Examples of projects. Classification of projects: by area of use; by duration; by complexity and scale.

Main stages of project development: project concept; planning; control and analysis. Characteristics of the main stages.

The concept of project structure as a type of information model. The purpose of developing information models. The concept of structural decomposition. Iterative process of creating project structures.

Students should know:

concept of a project;

classification of projects;

main stages of project development;

the concept of structural decomposition of a project.

Students should be able to:

give examples of various projects and assign them to a specific class;

explain the essence of the main stages of project development;

highlight the main goal of the project.

6.2. Basic project information models

Project information model in the form of a tree of goals. General view of the structure of the goal tree. Decomposition of the goal. Building a goal tree using the example of a school renovation project.

Project information model in the form of a product structure. General view of the structure. Building a product structure using the example of a school renovation project.

Project information model in the form of a work breakdown structure (WBS). General view of the structure. Building a work breakdown structure using the example of a school renovation project.

Project information model in the form of a responsibility matrix. General view of the structure.

Other types of project information models.

Students should know:

types of project information models;

rules for constructing the structure of the goal tree;

rules for constructing a product structure;

rules for constructing a work breakdown structure;

rules for constructing a responsibility matrix.

Students should be able to:

develop a tree of project goals;

develop a product structure for the project;

develop a work breakdown structure for the project;

develop a responsibility matrix for project work;

6.3. Development of information models for the social project “Life without a cigarette”

The concept of project intent. Clarification and detailing of the concept of a social project aimed at combating smoking among schoolchildren, in the form of questions and answers. Analysis of the social problem associated with smoking among schoolchildren. Drawing up a preliminary work plan for the project.

Construction of a tree of project goals, where the general goal is to combat early smoking among schoolchildren. Building the structure of the information product of this project. Building a structure for breaking down the project's work. Construction of a responsibility matrix.

Students should know:

Students should be able to:

analyze the environment for which the project will be developed;

develop project information models: goal tree, product structure, work breakdown structure, responsibility matrix.

6.4. Information technology for creating the social project “Life without a cigarette”

Workshop. Preparation of abstracts on the topic “On the dangers of smoking”, from the perspective of the main subject areas: history, chemistry, biology, economics, literature, social science, sociology, psychology.

Preparation of materials about the problems with which smokers turn to doctors.

Research into the reasons for smoking using a questionnaire. Creating a questionnaire in Excel. Conducting a survey. Processing of statistical data.

Study of the age of schoolchildren who smoke using a questionnaire. Creating a questionnaire in Excel. Conducting a survey. Processing of statistical data.

Presentation of the project results: holding school-wide events, a youth forum on the Internet, holding anti-nicotine campaigns.

Students should be able to:

carry out an advanced search for information resources on the Internet;

prepare material about the dangers of smoking from different points of view, using the Internet;

develop the necessary forms of questionnaires for conducting the survey;

process statistical data displayed in questionnaires;

present the results of the project in different forms.

SECTION 7. BASICS OF PROGRAMMING IN THE ENVIRONMENT VISUAL BASIC

7.1. Basic concepts and tools of the Visual Basic environment (VB)

Generalized view of the object information model. The concept of event and method.

Introduction to the Visual Basic project development environment. Environment interface. Purpose of the main tabs. Window technology. Program code editor window. Project Explorer window. Object properties window. Interpreter window.

Students should know:

what an object is and how it is characterized in the Visual Basic environment;

what events and methods are;

what the process of creating an application in VB is.

Students should be able to:

change the composition of the project development environment;

use various methods of window management.

7.2. Technology of working with forms and graphic methods

Concept and purpose of form. Technology for setting and editing form properties. Using form events and methods to display text.

Purpose of graphic methods. Syntax of Line and Circle graphic methods. Technology for performing the task of displaying the simplest graphic objects by double-clicking on the form. Mastering fragments of a program for drawing typical figures.

Students should know:

purpose of the form;

purpose of graphic methods and their syntax.

Students should be able to:

change form properties in the properties window in various ways;

programmatically change form properties;

apply the Line graphic method;

apply the Circle graphic method;

write programs for processing various events: Click, DblClick, KeyPress;

calculate and program the position of graphics on the form.

7.3. Assignment operator and data entry

The concept of a variable and its meaning in a program. Assignment operator syntax. Data entry statement syntax. A program for drawing a circle and outputting calculated parameters. Rectangle drawing program.

Students should be able to:

use variables in programs;

use the assignment operator;

enter data using the InputBox function.

7.4. Control elements: label, text box, button

The concept of control elements. Purpose of a label. Creating a user interface using labels. Influencing labels and programming responses.

Purpose of the text box control element. Technology for writing a program for a dialog box.

Purpose of the button control element. Technology for writing a program with a control button.

Technology for working with date and time functions. Variable definition areas. Technology of working with global variables.

Students should know:

purpose and types of control variables;

scope of the variable.

Students should be able to:

create and use labels to display text information;

program different responses when you click on a label;

create text windows and change their properties;

enter data into text boxes in various ways;

create and use buttons;

work with global variables.

7.5. Procedures and functions

Purpose of the auxiliary algorithm. Concept of procedure. Procedure syntax. An example of a procedure.

Technology for writing a procedure without parameters. Technology for writing a procedure with parameters. A program for drawing rhombuses with different diagonals.

Standard functions. Function syntax. An example of a function design. Technology for creating and using a function.

Using procedures and functions with parameters using the example of creating a program for calculating the median of a triangle.

Students should know:

concept, purpose and syntax of the procedure;

assignment and use of procedure parameters;

concept, purpose and syntax of a function;

Students should be able to:

create procedures with and without parameters;

call procedures from the main program;

set actual parameters of various types when calling a procedure;

use standard functions in programs;

create your own functions in the program and access them from the program.

11th grade (34 hours) Part 1. INFORMATION PICTURE OF THE WORLD

SECTION 1. FUNDAMENTALS OF SOCIAL INFORMATICS

1.1. From industrial society to information society

The role and characteristics of information revolutions. Brief description of computer generations and their connection with the information revolution. Characteristics of industrial society. Characteristics of the information society. The concept of informatization. Informatization as a process of transforming an industrial society into an information society.

The concept of information culture: informationological and cultural approaches. Manifestation of human information culture. Main factors in the development of information culture.

Students should know:

the concept of the information revolution and its impact on the development of civilization;

a brief description of each information revolution;

characteristic features of industrial society;

characteristic features of the information society;

the essence of the process of informatization of society.

definition of information culture;

factors of information culture development.

Students should be able to:

give examples reflecting the process of informatization of society;

compare the levels of development of countries from the perspective of informatization.

1.2. Information resources

Main types of resources. The concept of an information resource. Information resource as the main strategic resource of the country. How does the correct use of information resources affect the development of society?

Concepts of information product, service, information service. Main types of information services in the library sector. The role of databases in the provision of information services. The concept of the information potential of society.

Students should know:

the role and importance of information resources in the development of the country;

the concept of information service and product;

types of information products;

types of information services.

Students should be able to:

give examples of information resources;

compose a classification of information products for different fields of activity;

compose a classification of information services for different fields of activity.

1.3. Ethical and legal standards of human information activity

Ownership of an information product: rights of disposal, rights of ownership, rights of use. The role of the state in legal regulation. Law of the Russian Federation “On Information, Informatization and Protection of Information” as the legal basis for guaranteeing the rights of citizens to information. Problems facing legislative bodies in terms of legal support for human information activities.

The concept of ethics. Ethical standards for information activities. Forms of implementation of ethical standards.

1.4. Information security

The concept of information security. The concept of the information environment. Main goals of information security. Objects that need to ensure information security.

The concept of information threats. Sources of information threats. Main types of information threats and their characteristics.

Information security for various users of computer systems. Information protection methods: restricting access, encrypting information, controlling access to equipment, security policy, protection against information theft, protection against computer viruses, physical protection, protection against random threats, etc.

Computer network security is achieved through policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or disabling of the network and the resources available to it. It includes data access authorization, which is controlled by the network administrator. Users select or are assigned an ID and password or other authentication information that allows them to access data and programs within their authority.

Network security covers the many computer networks, both public and private, that are used in everyday work, conducting transactions and communications between businesses, government agencies and individuals. Networks may be private (for example, within a company) or other (which may be open to the public).

Computer network security concerns organizations, businesses and other types of institutions. It protects the network and also performs security and supervisory operations. The most common and simple way of protecting a network resource is to assign it a unique name and a corresponding password.

Security Management

Security management for networks can be different for different situations. A home or small office may only require basic security, while large enterprises may require highly reliable service and advanced software and hardware to prevent hacking and unwanted attacks.

Types of attacks and network vulnerabilities

A vulnerability is a weakness in design, implementation, operation, or internal controls. Most of the discovered vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database.

Networks can be subject to attacks from various sources. They can be of two categories: “Passive”, where the network attacker intercepts data passing through the network, and “Active”, where the attacker initiates commands to disrupt the normal operation of the network or to conduct monitoring in order to gain access to the data.

To protect a computer system, it is important to understand the types of attacks that can be launched against it. These threats can be divided into the following categories.

"Back Door"

A backdoor in a computer system, cryptosystem, or algorithm is any secret method of bypassing normal authentication or security measures. Backdoors can exist for a number of reasons, including original design or poor configuration. They may be added by a developer to allow some kind of legitimate access, or by an attacker for other reasons. Regardless of why they exist, they create a vulnerability.

Denial of service attacks

Denial of service (DoS) attacks are designed to make a computer or network resource unavailable to its intended users. The organizers of such an attack can deny access to the network to individual victims, for example by deliberately entering an incorrect password many times in a row to cause the account to be locked, or they can overload the capabilities of the machine or network and block all users at the same time. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of distributed denial of service (DDoS) attack are possible, where the traffic originates from a large number of addresses. In this case, the defense is much more difficult. Such attacks can originate from computers controlled by bots, but a number of other methods are possible, including reflection and amplification attacks, where otherwise innocent systems are made to send traffic to the victim.
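The two cases in the paragraph above (lockout by repeated wrong passwords, and one source address versus many) can be told apart from failed-login records. The sketch below is an added example, not part of the original page; the window and threshold values, the class and function names, and the sample events are all assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque

WINDOW = 60     # seconds of history considered (assumed policy value)
MAX_FAILS = 5   # failed logins tolerated inside the window (assumed policy value)


class FailureTracker:
    """Sliding-window record of failed logins per account."""

    def __init__(self, window=WINDOW, max_fails=MAX_FAILS):
        self.window = window
        self.max_fails = max_fails
        self.by_account = defaultdict(deque)   # account -> deque of (time, source ip)

    def _recent(self, account, now):
        q = self.by_account[account]
        while q and now - q[0][0] >= self.window:
            q.popleft()                        # forget failures older than the window
        return q

    def record_failure(self, ts, ip, account):
        self._recent(account, ts).append((ts, ip))

    def source_throttled(self, ts, ip, account):
        """True only if this source alone used up the failure budget.

        Throttling the (account, source) pair instead of locking the account
        means bad guesses from one address do not lock the real owner out.
        """
        fails = sum(1 for _, src in self._recent(account, ts) if src == ip)
        return fails >= self.max_fails

    def classify(self, ts, account):
        """Return (verdict, addresses) for the account at time ts."""
        recent = self._recent(account, ts)
        if len(recent) < self.max_fails:
            return "normal", []
        per_source = Counter(ip for _, ip in recent)
        noisy = sorted(ip for ip, n in per_source.items() if n >= self.max_fails)
        if noisy:
            return "single-source", noisy          # one firewall rule per address helps
        return "distributed", sorted(per_source)   # no single address to block


# Constructed sample events (documentation address ranges): (time, source, account)
SINGLE = [(t, "203.0.113.7", "alice") for t in range(6)]
SPREAD = [(100 + i, f"192.0.2.{i + 1}", "bob") for i in range(8)]


def run_demo():
    tracker = FailureTracker()
    for event in SINGLE:
        tracker.record_failure(*event)
    results = {
        "alice": tracker.classify(10, "alice"),
        "attacker_throttled": tracker.source_throttled(10, "203.0.113.7", "alice"),
        "owner_throttled": tracker.source_throttled(10, "198.51.100.20", "alice"),
    }
    for event in SPREAD:
        tracker.record_failure(*event)
    results["bob"] = tracker.classify(108, "bob")
    results["alice_later"] = tracker.classify(200, "alice")
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

In the distributed case no source crosses the per-address threshold, so the response has to act on the account or the service (rate limiting, an extra challenge) rather than on one address.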

Direct access attacks

An unauthorized user who gains physical access to a computer can likely directly copy data from it. Such attackers can also compromise security by making changes to the operating system, installing software worms, keyloggers, hidden devices for listening or using wireless mice. Even if the system is protected by standard security measures, they can be bypassed by loading another OS or tool from a CD or other bootable media. is designed to prevent just such attacks.

Network Security Concept: Key Points

Information security in computer networks begins with authentication, which involves entering a username and password. This type of authentication is single-factor. Two-factor authentication additionally uses another parameter (a security token or “key”, an ATM card or a mobile phone); three-factor authentication also uses a unique element of the user (a fingerprint or retinal scan).

After authentication, the firewall applies the access policy. This computer network security service is effective in preventing unauthorized access, but it may not check for potentially harmful content, such as computer worms or Trojan horses, transmitted over the network. Antivirus software or an intrusion prevention system (IPS) helps detect and block such malware.

An intrusion detection system based on data scanning can also monitor the network for subsequent high-level analysis. Newer systems that combine unsupervised machine learning with full network traffic analysis can detect active network attackers in the form of malicious insiders or targeted external attackers that have compromised a user's computer or account.

Additionally, communications between two hosts can be encrypted to provide greater privacy.

Computer protection

Computer network security involves countermeasures—an action, device, procedure, or technique that reduces a threat, vulnerability, or attack by eliminating or preventing it, minimizing harm, or detecting and reporting its presence.

Secure Coding

This is one of the main security measures for computer networks. In software development, secure coding aims to prevent the accidental introduction of vulnerabilities. It is also possible to create software designed from the ground up for security. Such systems are “secure by design.” In addition, formal verification aims to prove the correctness of the algorithms underlying the system. This is especially important for cryptographic protocols.

This measure means that the software is developed from scratch to ensure the security of information on computer networks. In this case, security is considered the main feature.

Some of the methods of this approach include:

  1. The principle of least privilege, in which each part of the system has only the specific powers necessary for its functioning. Thus, even if an attacker gains access to this part, he will have limited authority over the entire system.
  2. Code reviews and unit tests are approaches to make modules more secure when formal proofs of correctness are not possible.
  3. Defense in depth, where the design is such that multiple subsystems must be compromised to compromise the integrity of the system and the information it stores. This is a more in-depth computer network security technique.

Security architecture

The Open Security Architecture organization defines IT security architecture as “design artifacts that describe the arrangement of security controls (security countermeasures) and their relationship to the overall information technology architecture.” These controls serve to maintain system quality attributes such as confidentiality, integrity, availability, accountability, and assurance.

Others define it as a unified design for computer network security and information systems security that considers the needs and potential risks associated with a particular scenario or environment and determines when and where to apply certain controls.

Its key attributes are:

  • the relationships of different components and how they depend on each other;
  • the determination of controls based on risk assessment, best practices, financial and legal issues;
  • the standardization of controls.

Ensuring computer network security

A computer's state of "safety" is an ideal achieved through the use of three processes: threat prevention, threat detection, and response. These processes are based on various policies and system components, which include the following:

  1. User account access controls and cryptography that can protect system files and data.
  2. Firewalls, which today are the most common prevention systems in terms of computer network security. This is because they are capable (if configured correctly) of protecting access to internal network services and blocking certain types of attacks through packet filtering. Firewalls can be either hardware or software.
  3. Intrusion detection systems (IDS), which are designed to detect network attacks during their implementation, as well as to provide assistance after an attack, while audit trails and directories perform a similar function for individual systems.

The “response” is necessarily determined by the assessed security requirements of the individual system and can range from a simple security update to notification of appropriate authorities, counter-attack, etc. In some special cases it is best to destroy a hacked or damaged system, as it may happen that not all vulnerable resources will be discovered.

What is a firewall?

Today, computer network security includes mostly "preventative" measures such as firewalls or logout procedures.

A firewall can be defined as a way of filtering network data between a host or network and another network such as the Internet. It can be implemented as software running on a machine and hooking into the network stack (or, in the case of UNIX-like systems, built into the OS kernel) to provide real-time filtering and blocking. Another implementation is a so-called "physical firewall", which filters network traffic separately from the machines it protects. Such tools are common among computers that are constantly connected to the Internet and are actively used to ensure the information security of computer networks.
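How packet filtering decides, and why "if configured correctly" matters, shows up when the same packets are run through two rule sets. This is an added example, not code from the original page or from any firewall product; the rule format, the addresses (documentation ranges and a private LAN) and the two policies are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # source network in CIDR notation
    dst: str                      # destination network in CIDR notation
    proto: str = "any"            # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches every port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


def evaluate(rules, default, packet):
    """First matching rule wins; return (action, rule index or -1 for the default)."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i
    return default, -1


ANY, LAN = "0.0.0.0/0", "10.0.0.0/24"

# Corrected policy: specific rules, evaluated with a default of "deny".
HARDENED = [
    Rule("deny", "203.0.113.0/24", ANY),              # known abusive source
    Rule("allow", ANY, "10.0.0.10/32", "tcp", 443),   # public web server
    Rule("allow", "198.51.100.0/24", LAN, "tcp", 22), # SSH from the admin network only
    Rule("allow", LAN, "10.0.0.20/32", "tcp", 5432),  # database reachable from the LAN only
]
# Weak policy: a broad allow placed first shadows every later rule, and the
# default is "allow", so anything unmatched also passes.
WEAK = [Rule("allow", ANY, LAN, "tcp")] + HARDENED

# Constructed sample packets.
PACKETS = {
    "web": Packet("192.0.2.50", "10.0.0.10", "tcp", 443),
    "db_from_internet": Packet("192.0.2.50", "10.0.0.20", "tcp", 5432),
    "ssh_admin": Packet("198.51.100.9", "10.0.0.10", "tcp", 22),
    "ssh_from_internet": Packet("192.0.2.50", "10.0.0.10", "tcp", 22),
    "blocked_source": Packet("203.0.113.7", "10.0.0.10", "tcp", 443),
    "dns_udp": Packet("192.0.2.50", "10.0.0.10", "udp", 53),
    "app_to_db": Packet("10.0.0.10", "10.0.0.20", "tcp", 5432),
}


def compare():
    """Map packet name -> (weak verdict, hardened verdict)."""
    return {name: (evaluate(WEAK, "allow", p)[0], evaluate(HARDENED, "deny", p)[0])
            for name, p in PACKETS.items()}


if __name__ == "__main__":
    for name, (weak, hardened) in compare().items():
        print(f"{name:18} weak={weak:5} hardened={hardened}")
```

Under the weak ordering the deny rule for 203.0.113.0/24 is never reached for TCP traffic to the LAN, which is the kind of misconfiguration a rule review should look for.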

Some organizations are turning to large data platforms (such as Apache Hadoop) to ensure data availability and machine learning to detect advanced persistent threats.

However, relatively few organizations maintain computer systems with effective detection systems, and even fewer have organized response mechanisms. This creates problems in ensuring the technological security of a computer network. The main obstacle to effectively eradicating cybercrime is over-reliance on firewalls and other automated detection systems. However, it is fundamental data collection using packet capture devices that stops attacks.

Vulnerability Management

Vulnerability management is the cycle of identifying, eliminating, or mitigating vulnerabilities, especially in software and firmware. This process is an integral part of ensuring the security of computer systems and networks.

Vulnerabilities can be detected using a scanner that analyzes a computer system looking for known weak points such as open ports, insecure software configuration and vulnerability to malware.

In addition to vulnerability scanning, many organizations contract with security outsourcing companies to conduct regular penetration tests on their systems. In some sectors this is a contractual requirement.

Vulnerability Reduction

Although formal verification of the correctness of computer systems is possible, it is not yet common. Formally verified operating systems include seL4 and SYSGO PikeOS, but they make up a very small percentage of the market.

Modern computer networks that ensure the security of information on the network actively use two-factor authentication and cryptographic codes. This significantly reduces risks for the following reasons.

Breaking cryptography is almost impossible today. It requires some non-cryptographic input (an illegally obtained key, plaintext, or other additional cryptanalytic information).

Two-factor authentication is a method of mitigating unauthorized access to a system or confidential information. To log into a secure system, two elements are required:

  • “what you know” - password or PIN;
  • “what you have” - card, key, mobile phone or other equipment.

This increases the security of computer networks since an unauthorized user needs both elements simultaneously to gain access. The more stringent your security measures are, the fewer hacks are likely to occur.

You can reduce attackers' chances by constantly updating systems with security patches and updates, and by using special scanners. The effect of data loss and corruption can be reduced by carefully creating and storing backup copies.

Equipment protection mechanisms

Hardware can also be a source of threat. For example, hacking could be accomplished by exploiting vulnerabilities in microchips maliciously introduced during the manufacturing process. Hardware or auxiliary security for working in computer networks also offers certain methods of protection.

The use of devices and methods such as access keys, trusted platform modules, intrusion detection systems, drive locks, disabled USB ports, and mobile-enabled access may be considered more secure due to the need for physical access to stored data. Each of these is described in more detail below.

Keys

USB keys are commonly used in software licensing to unlock software capabilities, but they can also be seen as a way to prevent unauthorized access to a computer or other device. The key creates a secure encrypted tunnel between itself and the software application. The principle is that the encryption scheme used (for example, the Advanced Encryption Standard (AES)) provides a higher degree of information security in computer networks, since it is more difficult to crack and replicate the key than to simply copy the software to another machine and use it.

Another use for such keys is to use them to access web content, such as cloud software or virtual private networks (VPNs). Additionally, the USB key can be configured to lock or unlock the computer.

Protected devices

Trusted platform modules (TPMs) integrate cryptographic capabilities onto access devices using microprocessors, or so-called computers on a chip. TPMs, used in conjunction with server-side software, offer an ingenious way to detect and authenticate hardware devices and prevent unauthorized access to the network and data.

Computer case intrusion detection is carried out through a push-button switch that is activated when the machine case is opened. The firmware or BIOS is programmed to notify the user the next time the device is turned on.

Drive locks

The security of computer networks and of information systems can also be achieved with drive locks. These are, in essence, software tools for encrypting hard drives, making them inaccessible to unauthorized users. Some specialized tools are designed specifically for encrypting external drives.

Disabling USB ports is another common security setting to prevent unauthorized and malicious access to a protected computer. Infected USB keys connected to the network from a device inside a firewall are considered the most common threat to a computer network.

Mobile devices with cellular connectivity are becoming increasingly popular due to the widespread use of cell phones. Built-in capabilities such as Bluetooth, the newer Bluetooth Low Energy (LE), and near-field communication (NFC) have led to the search for tools to address vulnerabilities. Today, both biometric verification (thumbprint reading) and QR code reading software for mobile devices are widely used. All this offers new, secure ways of connecting mobile phones to access control systems. This provides computer security and can also be used to control access to protected data.

Capabilities and access control lists

Information security in computer networks is based on the separation of privileges and of degrees of access. Two widely used models for this are access control lists (ACLs) and capability-based security.

Using ACLs to confine programs has proven to be unsafe in many situations. For example, the host computer can be tricked into indirectly allowing access to a restricted file. It has also been shown that the promise of an ACL to provide access to an object to only one user can never be guaranteed in practice. Thus, there are still practical shortcomings in all ACL-based systems today, but developers are actively trying to correct them.

Capability-based security is mainly used in research operating systems, while commercial OSes still use ACLs. However, capabilities can be implemented at the language level, resulting in a specific programming style that is essentially a refinement of standard object-oriented design.
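The weakness described above, where a host is tricked into indirectly allowing access to a restricted file, is commonly called the confused deputy problem. The following added example (not part of the original page; the in-memory file store, the paths and the principal names are constructed for illustration) contrasts an ACL check made against the deputy's own identity with a language-level capability handed over by the caller.

```python
"""Confused deputy: ACL check vs. capability passing (illustrative model).

Everything here is constructed for the example: an in-memory file store,
two principals ("alice", "compiler") and two paths.
"""


class AccessDenied(Exception):
    pass


class FileStore:
    """In-memory file system; the ACL maps each path to its allowed writers."""

    def __init__(self):
        self.data = {}
        self.acl = {}

    def create(self, path, writers, content=""):
        self.data[path] = content
        self.acl[path] = set(writers)

    def write_as(self, principal, path, content):
        # ACL decision: asks only WHO is calling, not on whose behalf.
        if principal not in self.acl.get(path, set()):
            raise AccessDenied(f"{principal} may not write {path}")
        self.data[path] = content

    def open_for_write(self, principal, path):
        # The ACL is consulted once, against the requesting principal,
        # and the result is handed out as a capability object.
        if principal not in self.acl.get(path, set()):
            raise AccessDenied(f"{principal} may not write {path}")
        return WriteCapability(self, path)


class WriteCapability:
    """Designates one object together with the right to write it.

    Python does not enforce unforgeability; a real capability system does.
    """

    def __init__(self, store, path):
        self._store = store
        self._path = path

    def write(self, content):
        self._store.data[self._path] = content


BILLING = "/var/billing.log"      # writable by the compiler service only
ALICE_OUT = "/home/alice/out.o"   # writable by alice and by the compiler
BILLING_TEXT = "alice owes 10\n"


def new_store():
    store = FileStore()
    store.create(BILLING, {"compiler"}, BILLING_TEXT)
    store.create(ALICE_OUT, {"alice", "compiler"})
    return store


def compile_with_acl(store, source, out_path):
    """Deputy that uses its own (ambient) authority on a caller-chosen path."""
    store.write_as("compiler", out_path, "OBJ:" + source)


def compile_with_capability(source, out_cap):
    """Deputy that can write only where the caller already had authority."""
    out_cap.write("OBJ:" + source)


def demo_confused_deputy():
    results = {}

    # ACL model: alice names the billing file as her output path. The check
    # is made against "compiler", which is on that file's ACL, so it passes.
    store = new_store()
    compile_with_acl(store, "int main(){}", BILLING)
    results["acl_billing_overwritten"] = store.data[BILLING] != BILLING_TEXT

    # Capability model: alice must first obtain the capability herself, and
    # her own rights do not cover the billing file.
    store = new_store()
    try:
        store.open_for_write("alice", BILLING)
        results["cap_billing_denied"] = False
    except AccessDenied:
        results["cap_billing_denied"] = True
    cap = store.open_for_write("alice", ALICE_OUT)
    compile_with_capability("int main(){}", cap)
    results["cap_output_written"] = store.data[ALICE_OUT] == "OBJ:int main(){}"
    results["cap_billing_intact"] = store.data[BILLING] == BILLING_TEXT
    return results


if __name__ == "__main__":
    for name, value in demo_confused_deputy().items():
        print(name, value)
```

In the capability version the deputy never receives a path at all, so there is no name it can be talked into resolving with its own rights.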


Lesson 38
Information security of network technology work

Security threats to information systems

There are four actions performed with information that may pose a threat: collection, modification, leakage and destruction. These actions are basic for further consideration.

Adhering to the accepted classification, we will divide all sources of threats into external and internal.

Sources of internal threats are:

  • employees of the organization;
  • software;
  • hardware.

Insider threats can manifest themselves in the following forms:

  • errors by users and system administrators;
  • violations by company employees of established regulations for the collection, processing, transfer and destruction of information;
  • errors in software operation;
  • failures and malfunctions of computer equipment.

External sources of threats include:

  • computer viruses and malware;
  • organizations and individuals;
  • natural disasters.

Forms of manifestation of external threats are:

  • infection of computers with viruses or malware;
  • unauthorized access (UA) to corporate information;
  • information monitoring by competing structures, intelligence and special services;
  • actions of government agencies and services, accompanied by the collection, modification, seizure and destruction of information;
  • accidents, fires, man-made disasters.

All of the types of threats (forms of manifestation) we have listed can be divided into intentional and unintentional.

According to the methods of impact on information security objects, threats are subject to the following classification: informational, software, physical, radio-electronic and organizational-legal.

Information threats include:

  • unauthorized access to information resources;
  • illegal copying of data in information systems;
  • theft of information from libraries, archives, banks and databases;
  • violation of information processing technology;
  • illegal collection and use of information;
  • use of information weapons.

Software threats include:

  • exploitation of errors and "holes" in software;
  • computer viruses and malware;
  • installation of covert "implant" devices.

Physical threats include:

  • destruction or damage of information processing and communication facilities;
  • theft of storage media;
  • theft of software or hardware keys and cryptographic data protection tools;
  • impact on personnel.

Radio-electronic threats include:

  • planting of electronic devices for intercepting information in technical equipment and premises;
  • interception, decryption, substitution and destruction of information in communication channels.

Organizational and legal threats include:

Purchases of imperfect or outdated information technologies and information tools;
violation of legal requirements and delay in making the necessary regulatory decisions in the information sphere.

Let's consider the network security model and the main types of attacks that can be carried out in this case. Next, we'll look at the main types of services and security mechanisms that prevent such attacks.

Network security model

Classification of network attacks

In the general case, there is an information flow from the sender (file, user, computer) to the recipient (file, user, computer):

Fig. 1 Information flow

All attacks can be divided into two classes: passive and active.

Passive attack

A passive attack is one in which the adversary cannot modify transmitted messages or insert his own messages into the information channel between the sender and the recipient. The goal of a passive attack can only be to listen to transmitted messages and analyze traffic.

Fig. 2 Passive attack

Active attack

An active attack is one in which the adversary can modify transmitted messages and insert his own messages. The following types of active attacks are distinguished:

1. Denial of service (DoS attack)

Denial of service disrupts the normal functioning of network services. An adversary can intercept all messages sent to a specific recipient. Another example of such an attack is the creation of significant traffic, resulting in a network service being unable to process requests from legitimate clients. A classic example of such an attack in TCP/IP networks is a SYN attack, in which the attacker sends packets that initiate the establishment of a TCP connection, but does not send packets that complete the establishment of this connection. As a result, the server may become overwhelmed and unable to establish connections with legitimate users.

Fig. 3 DoS attack

2. Data flow modification - "man in the middle" attack

Modifying a data stream means either changing the content of the message being sent or changing the order of messages.

Fig. 4 "Man in the middle" attack

3. Creating a false stream (falsification)

Falsification (violation of authenticity) means an attempt by one subject to impersonate another.

Fig. 5 Creating a false stream

4. Reuse

Reuse means passively capturing data and then forwarding it to gain unauthorized access - this is the so-called replay attack. In fact, replay attacks are a type of falsification, but because they are one of the most common attack options for gaining unauthorized access, they are often treated as a separate type of attack.

Fig. 6 Replay attack

The listed attacks can exist in any type of network, not just in networks using TCP/IP protocols as transport, and at any level of the OSI model. But in networks built on the basis of TCP/IP, attacks occur most often, because, firstly, the Internet has become the most widespread network, and secondly, security requirements were not taken into account when developing TCP/IP protocols.

Security Services

The main security services are the following:

Confidentiality - preventing passive attacks on transmitted or stored data.

Authentication - confirmation that the information came from a legitimate source and the recipient is who he claims to be.

In the case of a single message transmission, authentication must ensure that the intended recipient of the message is the correct one and that the message came from the intended source. When a connection is established, two aspects are involved.

First, when initializing a connection, the service must ensure that both participants are the intended ones.

Second, the service must ensure that the connection is not manipulated in such a way that a third party can masquerade as one of the legitimate parties after the connection has been established.

Integrity - a service that guarantees that information has not changed during storage or transmission. It can be applied to a message stream, a single message, or individual fields within a message, as well as to stored files and individual file records.

Non-repudiation (impossibility of refusal) - the impossibility, both for the recipient and for the sender, of denying the fact of transfer. This way, when a message is sent, the recipient can verify that it was sent by the legitimate sender. Likewise, when a message has arrived, the sender can verify that it was received by the legitimate recipient.

Access Control - the ability to limit and control access to systems and applications via communication lines.

Availability - the result of attacks may be the loss or reduction of the availability of a particular service. This service is designed to minimize the possibility of DoS attacks.

Security Mechanisms

We list the main security mechanisms:

Symmetric encryption algorithms - encryption algorithms in which the same key is used for encryption and decryption or the decryption key can be easily obtained from the encryption key.

Asymmetric encryption algorithms - encryption algorithms in which two different keys are used for encryption and decryption, called public and private keys, and, knowing one of the keys, it is impossible to calculate the other.

Hash functions - functions whose input value is a message of arbitrary length, and the output value is a message of fixed length. Hash functions have a number of properties that make it possible to detect changes in the input message with a high degree of probability.

Network interaction model

The model of secure network interaction in general can be represented as follows:

Fig. 7 Network security model

A message that is transmitted from one participant to another passes through various types of networks. In this case, we will assume that a logical information channel is established from the sender to the recipient using various communication protocols (for example, TCP/IP).

Security features are necessary if you want to protect transmitted information from an adversary who may pose a threat to confidentiality, authentication, integrity, etc. All security technologies have two components:

1. Relatively secure transfer of information. An example is encryption, where a message is modified in such a way as to be unreadable to an adversary, and possibly supplemented with code that is based on the contents of the message and can be used to authenticate the sender and ensure the integrity of the message.
2. Some secret information shared by both participants and unknown to the adversary. An example is an encryption key.
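As an added illustration (not part of the original lesson), the example below implements the two components just listed with a shared secret key and a code based on the contents of the message, here HMAC-SHA256, and adds a sequence number so that the receiver also rejects the reuse (replay) attack described earlier. The frame layout, the key and the message texts are constructed for the example; the payload is not encrypted, so it covers integrity and authentication only, not confidentiality.

```python
"""Authenticating messages with a shared secret and rejecting replays.

Frame layout (constructed for this example):
    8-byte big-endian sequence number | payload | 32-byte HMAC-SHA256 tag
The tag covers both the sequence number and the payload.
"""
import hashlib
import hmac
import struct

SEQ_LEN = 8
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


class RejectedFrame(Exception):
    pass


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: bind the payload and its sequence number to the key."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: verify the tag first, then enforce increasing numbers."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = -1

    def accept(self, frame: bytes) -> bytes:
        if len(frame) < SEQ_LEN + TAG_LEN:
            raise RejectedFrame("truncated frame")
        header = frame[:SEQ_LEN]
        payload = frame[SEQ_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison: do not leak how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise RejectedFrame("bad tag: modified or forged")
        (seq,) = struct.unpack(">Q", header)
        # A valid tag on an old number means a captured frame was re-sent.
        if seq <= self._last_seq:
            raise RejectedFrame("stale sequence number: replayed or reordered")
        self._last_seq = seq
        return payload


def outcome(receiver: Receiver, frame: bytes) -> str:
    try:
        return "accepted: " + receiver.accept(frame).decode()
    except RejectedFrame as exc:
        return "rejected: " + str(exc)


def demo_active_attacks():
    key = bytes(range(32))   # constructed shared secret (sender and receiver)
    other_key = bytes(32)    # stands for an adversary who does not know `key`
    rx = Receiver(key)

    first = protect(key, 0, b"pay 10 to bob")
    second = protect(key, 1, b"pay 5 to carol")

    # Data flow modification: one payload bit changed in transit.
    modified = bytearray(protect(key, 2, b"pay 10 to bob"))
    modified[SEQ_LEN + 4] ^= 0x01

    # Falsification: a frame built without knowledge of the shared secret.
    forged = protect(other_key, 2, b"pay 99 to eve")

    return {
        "genuine": outcome(rx, first),
        "genuine_next": outcome(rx, second),
        "modified": outcome(rx, bytes(modified)),
        "forged": outcome(rx, forged),
        "replayed": outcome(rx, first),  # captured earlier, sent again
    }


if __name__ == "__main__":
    for name, text in demo_active_attacks().items():
        print(f"{name:13s} {text}")
```

The replayed frame carries a perfectly valid tag, which is why the tag check alone is not enough and the receiver must also keep state about what it has already accepted.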

In addition, in some cases, a trusted third party (TTP) may be necessary to ensure secure transmission. For example, a third party may be responsible for distributing secret information between the two participants in such a way that it does not become available to the adversary. Or a third party may be used to resolve disputes between two participants regarding the authenticity of the message being transmitted.

From this general model arise three main tasks that need to be solved when developing a specific security service:

1. Develop an encryption/decryption algorithm to perform secure information transfer. The algorithm must be such that an adversary cannot decrypt an intercepted message without knowing the secret information.
2. Create secret information used by the encryption algorithm.
3. Develop a messaging protocol for distributing shared secret information in such a way that it does not become known to the adversary.

Information system security model

There are other security-related situations that do not fit the network security model described above. The general pattern of these situations can be illustrated as follows:

Fig. 8 Information system security model

This model illustrates the concept of information system security, which prevents unwanted access. A hacker who is trying to illegally penetrate systems accessible over the network may simply enjoy hacking, or he may be trying to damage the information system and/or introduce something into it for his own purposes. For example, a hacker's goal might be to obtain credit card numbers stored on the system.

Another type of unwanted access is placing something on a computer system that affects application programs and software utilities, such as editors, compilers, and the like. Thus, there are two types of attacks:

1. Access to information for the purpose of obtaining or modifying data stored in the system.
2. Attacking services to prevent their use.

Viruses and worms are examples of such attacks. Such attacks can be carried out either using floppy disks or over a network.

Security services that prevent unwanted access can be divided into two categories:

1. The first category is defined in terms of the watchdog function. These mechanisms include login procedures, such as password-based ones, to restrict access to authorized users only. These mechanisms also include various firewalls that prevent attacks at various levels of the TCP/IP protocol stack, and, in particular, prevent the penetration of worms, viruses, and other similar attacks.
2. The second line of defense consists of various internal monitors that control access and analyze user activity.

One of the main concepts when ensuring the security of an information system is the concept of authorization - defining and granting access rights to specific resources and/or objects.

The security of an information system should be based on the following basic principles:

1. Information system security must be consistent with the role and objectives of the organization in which the system is installed.
2. Ensuring information security requires an integrated and holistic approach.
3. Information security should be an integral part of the management system in a given organization.
4. Information security must be economically justifiable.
5. Responsibilities for safety must be clearly defined.
6. The security of the information system must be periodically re-evaluated.
7. Social factors, as well as administrative, organizational and physical security measures, are of great importance for ensuring the security of an information system.

In today's global world, network security is critical. Enterprises need to ensure secure access for employees to network resources at any time, so a modern network security strategy must take into account a number of factors, such as increasing network reliability, effective security management, and protection against constantly evolving threats and new attack methods. For many companies, the problem of ensuring network security is becoming increasingly complex, because today's mobile workers, who use personal smartphones, laptops and tablets for work, introduce new potential problems. At the same time, hackers are not sitting idle either and are making new cyber threats more and more sophisticated.

A recent survey of IT professionals who manage network security [conducted by Slashdotmedia] found that, among the important factors when choosing network security solutions, almost half of those surveyed named the reliability of the chosen network solution.

Question asked: When choosing a network security solution, what factors are most important to your company?

Network security vulnerabilities leave a number of potential problems open and expose a company to various risks. IT systems can be compromised through them, information can be stolen, employees and customers can have problems accessing resources they are authorized to use, which can force customers to switch to a competitor.

Service downtime due to security issues can have other financial consequences. For example, a website that is down during rush hour can generate both direct losses and powerful negative PR, which will obviously affect future sales. In addition, some industries have strict resource availability criteria, violation of which can lead to regulatory fines and other unpleasant consequences.

In addition to the reliability of solutions, there are a number of issues that have come to the fore today. For example, about 23% of surveyed IT professionals highlight the cost of the solution as one of the main problems associated with network security, which is not surprising given that IT budgets have been significantly constrained over the past few years. Further, about 20% of respondents identified ease of integration as a priority parameter when choosing a solution, which is natural in an environment where the IT department is required to do more with fewer resources.

Concluding the conversation about the key parameters in choosing a solution, I would like to note that only approximately 9% of respondents named network functions as a key factor when choosing solutions in the field of network security. When choosing a network security solution for corporate systems and minimizing the associated risks, one of the most important factors for almost half (about 48%) of respondents was the reliability of the network and the associated solution.

Question asked: What type of network attack is your IT organization most concerned about?

Today, hackers use a variety of methods to attack company networks. The study found that IT professionals are most concerned about two specific types of attacks: denial of service (DoS) attacks and eavesdropping (Eavesdropping) - these attacks are listed as the most dangerous and prioritized by approximately 25% of respondents. And 15% of respondents each chose IP Spoofing and MITM (man-in-the-middle) attacks as key threats. Other types of threats were prioritized by less than 12% of respondents.

Question asked: When it comes to mobile vulnerabilities, what's your IT team's biggest concern?

Today's growing number of mobile workers and the adoption of bring-your-own-device (BYOD) policies are placing new demands on network security. At the same time, unfortunately, the number of unsafe network applications is growing very quickly. In 2013, HP tested more than 2,000 applications and found that 90% of applications had security vulnerabilities. This situation poses a serious threat to corporate security. Not surprisingly, 54% of respondents rated threats from malicious applications as the most dangerous.

Summarizing the above, we can draw the following conclusion: modern solutions to ensure network security, among other things, must have the following properties:

  • be able to work at the seventh layer of the OSI model (at the application level);
  • be able to tie a specific user to traffic content;
  • have a network attack protection system (IPS) integrated into the solution;
  • support built-in protection against DoS attacks and eavesdropping;
  • generally have a high degree of reliability.

A few words about the practice of ensuring information security in our country. Let us briefly describe the current legal framework that defines aspects of information security in the Russian Federation. In the Russian Federation, all issues related to information security are regulated by the following basic laws:
  • Federal Law 149 “On information, information technology and information protection”;
  • Federal Law 152 “On the Protection of Personal Data”;
  • Federal Law 139 (amendments to Federal Law 149, the law on communications and Federal Law 436 on the protection of children from information);
  • Federal Law 436 (on protection of children from information);
  • Federal Law 187 (on the protection of intellectual property and the Internet);
  • Federal Law 398 (on blocking extremist sites);
  • Federal Law 97 (about bloggers, equating them to the media);
  • Federal Law 242 (on the placement of personal data on the territory of the Russian Federation).
At the same time, laws regulating activities in areas related to information security imply serious liability for violation of certain provisions, for example:
  • under Article 137 of the Criminal Code of the Russian Federation (illegal collection or dissemination of information about the private life of a person) - imprisonment for up to four years;
  • under Article 140 of the Criminal Code of the Russian Federation (illegal refusal to provide documents and materials collected in the prescribed manner) - a fine or deprivation of the right to hold certain positions or engage in certain activities for a period of 2 to 5 years;
  • under Article 272 of the Criminal Code of the Russian Federation (illegal access to legally protected computer information) - imprisonment for up to 5 years.
For most Russian enterprises, the relevance of network security issues is primarily related to the fact that they process, in one way or another, the data of individuals (at least the data of their employees). Consequently, regardless of the type of activity, any company must take into account the requirements of the legislation of the Russian Federation and is obliged to apply various organizational and technical measures to protect information. Specific measures to protect particular information are determined in the relevant Russian information security standards (GOST R ISO/IEC 15408, GOST R ISO 27001, etc.), as well as in governing documents of the Federal Service for Technical and Export Control (for example, FSTEC order No. 58 of 02/05/10, defining methods and means of protecting systems processing personal data).

Compliance by enterprises with the requirements of federal legislation is currently monitored by three government agencies: the Federal Security Service (FSB), Roskomnadzor and FSTEC. Control is carried out through scheduled and unannounced inspections, as a result of which the company can be held liable.

Thus, ignoring the problem of ensuring network security in our country can not only bring great losses to business, but also entail criminal liability for specific company managers.

Conclusion

Information security threats are becoming more complex, with hackers and cybercriminals using new techniques and launching increasingly sophisticated attacks to compromise systems and steal data.

Combating new attacks requires network security solutions and the development of a network security strategy that addresses reliability, cost, and integration with other IT systems. The solutions developed must be reliable, provide protection against application-level attacks, and allow traffic to be identified.

From all of the above, a simple conclusion suggests itself: in the modern world, information security issues cannot be ignored. In response to new threats, it is necessary to look for new approaches to implementing an information protection strategy and to use new methods and tools to ensure network security.

Topic 4. Computer networks and information security

    Topic questions

    1. Concept, architecture, classification and basics of computer networks. Reference model of open systems interaction and client-server architecture models

    2. The concept of “local computer networks” (LAN), classification, purpose and characteristics of individual types of LAN

    3. The concept of “corporate computer network”, its purpose, structure and components

    4. Purpose, structure and composition of the Internet. Administrative structure of the Internet. Internet addressing, protocols, services and Internet technologies. Organization of user work on the Internet

    5. The concept of “security of computer information”. Objects and elements of data protection in computer systems

    6. Computer viruses and antivirus software, their role in information protection. Methods and techniques for ensuring information protection from viruses

    7. Cryptographic method of information protection

    Question 1. Concept, architecture, classification and basics of computer networks. Reference model of open systems interaction and client-server architecture models.

    A computer network is a collection of computers and various other devices that provide interactive information exchange and sharing of network resources.

    Network resources include computers, data, programs, network equipment, various external memory devices, printers, scanners and other devices called network components. Computers included in the network are called nodes (clients or network workstations).

    Network architecture is understood as the network's components, access methods, technology and topology.

    Access Methods regulate the procedures for network nodes to gain access to the data transmission medium.

    Networks are classified according to access methods:

      with random access, CSMA/CD (Carrier Sense Multiple Access with Collision Detection);

      with token access, based on a token bus and a token ring.

    There are two varieties of the random access method: CSMA/CD (Carrier Sense Multiple Access with Collision Detection) and priority access.

    Token access methods include two types of data transmission: token bus (IEEE 802.4 standard) and token ring (IEEE 802.5 standard). Here a token (marker) is understood as a control sequence of bits transmitted by a computer over the network.

    The topology of a computer network is understood as a representation of the network in the form of a graph, the vertices of which correspond to network nodes, and the edges correspond to connections between them.

    There are four main topologies: bus, ring, star and mesh. Other types of topologies are various combinations of these types.

    The following modern technologies are used for building and operating computer networks:

      X.25 technology is one of the most widespread, owing to its ability to work over unreliable data lines through the use of connection-oriented protocols with error correction at the data link and network layers of the open OSI model;

      Frame Relay technology is designed to transmit information with an uneven flow. Therefore, it is more often used when transmitting digital data between individual local networks or segments of territorial or global networks. The technology does not allow the transmission of speech, video or other multimedia information;

      ISDN technology (Integrated Services Digital Network), which allows for simultaneous transmission of data, voice and multimedia information;

      ATM (asynchronous transfer mode): technology expands the capabilities of ISDN networks for transmitting multimedia data by increasing the transmission speed to 2.5 Gbit/s;

      VPN (virtual private network): technology allows you to set up a private network that functions as a tunnel through a larger network, such as the Internet.

    Computer networks are classified according to the following criteria: network size, departmental affiliation, access methods, construction topology, methods of switching network subscribers, types of transmission medium, integration of services, type of computers used in the network, property rights.

    Classification of networks by size is the most common. According to this criterion, there are local computer networks (LANs), geographically distributed (regional) computer networks (MANs) and global computer networks (WANs).

    By departmental affiliation distinguish between computer networks of industries, associations and organizations. Examples of such networks are the computer networks of RAO ES, the Surgutneftegaz association, the Savings Bank of Russia, etc.

    By method of access to the data transmission medium, there are networks with CSMA/CD random access and networks with access using a token bus and a token ring.

    By topology, there are bus, ring, star, mesh and mixed networks.

    By method of subscriber switching, there are networks with a shared transmission medium and switched networks.

    By type of data transmission medium, there are wired, cable and wireless computer networks.

    Wired computer networks are those that use wires without any insulating or shielding protection, located in the air.

    Cable communication lines include three types of cables: twisted pair cables, coaxial cable and fiber optic cable.

    Wireless communication lines represent various radio channels of terrestrial and satellite communications.

    Integrated services networks (ISDN) are focused on providing telefax, telex and videotelex services, organizing conference calls and transmitting multimedia information.

    Depending on the type of computers used, a distinction is made between homogeneous networks, which contain only computers of the same type, and heterogeneous networks, whose nodes can be computers of different types.

    Depending on property rights, networks can be public or private.

    During the operation of a computer network, all its components actively interact with each other. To unify these interaction processes, the International Standards Organization has developed the reference model for open systems interaction (OSI model).

    It is recommended to study the OSI model using a diagram of the model that shows how protocols and packets interact at its various layers. An exchange protocol (communications, data representation) is understood as the description of the formats of transmitted data packets, together with the system of rules and agreements that must be observed when organizing data transmission between individual processes. The OSI model divides communications into seven layers: application, presentation, session, transport, network, link, and physical.

    The application layer is the highest layer of the OSI model. It provides programs with access to a computer network. Examples of application layer processes include file transfer programs, email services, and network management.

    The data presentation layer is designed to convert data from one form to another, for example, from EBCDIC (Extended Binary Coded Decimal Interchange Code) to ASCII (American Standard Code for Information Interchange). At this layer, special and graphic symbols are processed, and data compression and recovery and data encoding and decoding are carried out.

    At the session layer, control is carried out to ensure the security of transmitted information and to maintain communication until the end of the transmission session.

    The transport layer is the most important, as it serves as an intermediary between the upper, application-oriented layers and the lower layers that prepare and transmit data over the network. The transport layer is responsible for speed, security, and assigning unique numbers to packets.

    At the network layer, the network addresses of the recipient nodes are determined and the routes for the packets are established.

    At the link layer, data frames are generated, transmitted and received.

    The physical layer is the lowest layer of the OSI reference model. At this layer, frames arriving from the network layer are converted into sequences of electrical signals. At the receiver node, the electrical signals are converted back into frames.

    The interaction of computers on a network is based on various models of client-server architecture. Network servers are computers that provide certain resources. Depending on the type of resource, there are database servers, application servers, print servers, etc. Network clients are computers that request resources in the process of solving specific problems.

    Currently, four client-server architecture models are used in practice.

    In the "file server" model, only the data is located on the server. All data processing is carried out on the client's computer.

    The "access to remote data" model requires the data and an information resource manager to be placed on the server. Requests for information resources are sent over the network to the resource manager, which processes them and returns the processing results to the client.

    The "complex server" model places both the application functions and the data access functions on the server, which holds the data, a resource manager and an application component. Compared to "access to remote data", this model achieves higher network performance due to better centralization of application computing and an even greater reduction in network traffic.

    The "three-tier client-server architecture" model is used when the application component is complex and voluminous; it is placed on a separate server, called an application server.
