Technical methods and means of information security. Classification of information security methods. How does a leak occur?

forgery According to USA Today, back in 1992, as a result of such illegal actions using personal computers, American organizations suffered a total loss of $882 million. It can be assumed that the actual damage was much greater, since many organizations understandably hide such incidents. There is no doubt that these days the damage from such actions has increased many times over.

In most cases, the culprits turned out to be full-time employees of the organizations, who were well acquainted with the working routine and the protective measures. This once again confirms the danger of internal threats.

Previously we distinguished between static and dynamic integrity. To violate static integrity, an attacker (usually a full-time employee) can:

  • enter incorrect data;
  • change the data.

Sometimes the content data is changed, sometimes the service information. Email headers can be forged; the letter as a whole can be falsified by a person who knows the sender's password (we have given relevant examples). Note that the latter is possible even when integrity is controlled by cryptographic means. Here the different aspects of information security interact: if confidentiality is compromised, integrity may suffer.

A threat to integrity is not only the falsification or modification of data, but also the repudiation of actions already performed. If there is no means to ensure "non-repudiation", computer data cannot be considered as evidence.

Not only data but also programs are potentially vulnerable to integrity violations. Threats to dynamic integrity include violation of transaction atomicity, reordering, theft, duplication of data, or insertion of additional messages (network packets, etc.). In a network environment this activity is called active listening.
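The dynamic-integrity threats listed above (reordering, duplication, removal or insertion of messages) can be checked on the receiving side. The following is an added example, not part of the original text: each frame carries a sequence number and an HMAC, and the receiver verifies the tag before it looks at the order. The frame layout, the key and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                  # size of an HMAC-SHA256 tag
HDR = struct.Struct(">Q")     # assumed layout: 8-byte big-endian sequence number


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = seq || payload || HMAC(key, seq || payload)."""
    body = HDR.pack(seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Strict in-order receiver that classifies every incoming frame."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0     # next sequence number we are willing to accept

    def accept(self, frame: bytes):
        if len(frame) < HDR.size + TAG_LEN:
            return "malformed", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        # Authenticate first: an unauthenticated sequence number must never
        # influence receiver state. compare_digest avoids a timing side channel.
        if not hmac.compare_digest(tag, good):
            return "forged", None          # modified or inserted message
        (seq,) = HDR.unpack(body[:HDR.size])
        if seq < self.expected:
            return "duplicate", None       # replayed / duplicated message
        if seq > self.expected:
            return "gap", None             # earlier message removed or reordered
        self.expected += 1
        return "ok", body[HDR.size:]


def classify_stream(key: bytes, frames) -> list:
    """Run a list of frames through a fresh receiver and return the verdicts."""
    rx = Receiver(key)
    return [rx.accept(frame)[0] for frame in frames]


def demo() -> list:
    # Constructed sample traffic; the key is a placeholder, not a real secret.
    key = b"constructed-demo-key-not-a-real-secret"
    f = [seal(key, i, b"transfer step %d" % i) for i in range(4)]

    tampered = bytearray(f[0])
    tampered[HDR.size] ^= 0x01             # flip one bit of the payload
    injected = seal(b"some-other-key", 4, b"extra message")

    stream = [
        f[0], f[1],        # normal delivery
        f[1],              # duplicated frame
        f[3],              # arrives before frame 2: reordering or loss
        f[2], f[3],        # correct order restored
        bytes(tampered),   # modified in transit
        injected,          # inserted by someone without the key
    ]
    return classify_stream(key, stream)


if __name__ == "__main__":
    print(demo())
```

A shared-key MAC of this kind lets the receiver detect tampering, but because both sides hold the same key it does not by itself provide non-repudiation.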

Main Threats to Confidentiality

Confidential information can be divided into subject information and service information. Service information (for example, user passwords) does not relate to a specific subject area; it plays a technical role in an information system, but its disclosure is especially dangerous, since it can lead to unauthorized access to all information, including subject information.

Even if information is stored on a computer or intended for computer use, threats to its confidentiality may be non-computer and non-technical in nature.

Many people have to act as users of not one, but a number of systems (information services). If reusable passwords or other confidential information are used to access such systems, then most likely this data will be stored not only in the head, but also in a notebook or on pieces of paper that the user often leaves on the desk or loses. The point here is not that people are disorganized, but that the password scheme is unsuitable from the outset. It is impossible to remember many different passwords; recommendations to change them regularly (and, if possible, frequently) only aggravate the situation, forcing users to adopt simple alternation schemes or even to reduce the matter to two or three easily remembered (and equally easy to guess) passwords.

The described class of vulnerabilities can be called placing confidential data in an environment where it is not provided (and often cannot be provided) with the necessary protection. In addition to passwords stored in user notebooks, this class includes the transmission of confidential data in clear text (in a conversation, in a letter, over a network), which makes it possible to intercept it. Various technical means can be used for an attack (overhearing or tapping conversations, passive network listening, etc.), but the idea is the same: to access data at the moment when it is least protected.

The threat of data interception should be taken into account not only during the initial configuration of the information system (IS), but also, very importantly, during all changes. Exhibitions are a very dangerous threat: many organizations send equipment from the production network to them, with all the data stored on it. Passwords remain the same; during remote access they continue to be transmitted in clear text.

Another example of change: storing data on backup media. To protect data on primary media, advanced access control systems are used; copies often just lie in cabinets, and many people can access them.

Data interception is a serious threat, and if privacy is truly critical and data is transmitted over many channels, protecting it can be very difficult and costly. The technical means of interception are well developed, accessible, easy to use, and anyone can install them, for example, on a cable network, so this threat exists not only for external, but also for internal communications.

Hardware theft is a threat not only to backup media, but also to computers, especially laptops. Laptops are often left unattended at work or in the car, and sometimes they are simply lost.

Methods of moral and psychological influence are a dangerous non-technical threat to confidentiality, for example masquerade: performing actions under the guise of a person with authority to access data.

Unpleasant threats that are difficult to defend against include abuse of authority. On many types of systems, a privileged user (for example, a system administrator) is able to read any (unencrypted) file, access any user's mail, etc. Another example is damage caused during after-sales service. Typically, the service engineer receives unrestricted access to the equipment and has the ability to bypass software protection mechanisms.

Protection methods

Existing methods and means of information security for computer systems (CS) can be divided into four main groups:

  • methods and means of organizational and legal protection of information;
  • methods and means of engineering and technical protection of information;
  • cryptographic methods and means of information security;
  • software and hardware methods and means of information security.

Methods and means of organizational and legal protection of information

Methods and means of organizational information protection include organizational, technical and organizational-legal measures carried out in the process of creating and operating a computer system to ensure information protection. These activities should be carried out during the construction or renovation of the premises in which the CS will be located; during system design and the installation and adjustment of its hardware and software; and during testing and checking of the performance of the CS.

At this level of information protection, international treaties, state regulations, state standards and local regulations of a specific organization are considered.

Methods and means of engineering protection

Engineering and technical means of information security mean physical objects, mechanical, electrical and electronic devices, structural elements of buildings, fire extinguishing means and other means that ensure:

  • protection of the territory and premises of the CS from intruders;
  • protection of CS hardware and storage media from theft;
  • preventing the possibility of remote (from outside the protected area) video surveillance (eavesdropping) of the work of personnel and of the functioning of the technical means of the CS;
  • preventing the possibility of intercepting PEMIN (stray electromagnetic radiation and interference) caused by the operating technical means of the CS and data transmission lines;
  • organizing access to the premises of the CS for employees;
  • control over the work schedule of the CS personnel;
  • control over the movement of CS employees in various production areas;
  • fire protection of the CS premises;
  • minimizing material damage from information loss resulting from natural disasters and man-made accidents.

The most important component of engineering and technical means of protecting information are technical means of security, which form the first line of protection of the CS and are a necessary but insufficient condition for maintaining the confidentiality and integrity of information in the CS.

Cryptographic protection methods and encryption

Encryption is the primary means of ensuring confidentiality. So, in the case of ensuring the confidentiality of data on the local computer, encryption of this data is used, and in the case of network interaction, encrypted data transmission channels are used.

The science of protecting information using encryption is called cryptography (in translation, cryptography means mysterious writing or secret writing).

Cryptography is used:

  • to protect the confidentiality of information transmitted over open communication channels;
  • to authenticate (confirm the authenticity of) the transmitted information;
  • to protect confidential information when stored on open media;
  • to ensure the integrity of information (protecting information from unauthorized changes) when transmitted over open communication channels or stored on open media;
  • to ensure the non-repudiation of information transmitted over the network (preventing possible denial of the fact of sending a message);
  • to protect software and other information resources from unauthorized use and copying.

Software and hardware-software methods and means of ensuring information security

Hardware information security includes electronic and electronic-mechanical devices that are included in the technical means of the CS and perform (independently or in a single complex with software) some information security functions. The criterion for classifying a device as a hardware rather than an engineering means of protection is its mandatory inclusion in the composition of the technical means of the CS.

The main hardware means of information protection include:

  • devices for entering user identification information (magnetic and plastic cards, fingerprints, etc.);
  • devices for encrypting information;
  • devices to prevent unauthorized activation of workstations and servers (electronic locks and interlocks).

Examples of auxiliary information security hardware:

  • devices for destroying information on magnetic media;
  • devices that raise an alarm on attempts at unauthorized actions by CS users, etc.

Information security software means special programs included in the CS software exclusively to perform protective functions. The main software means of information protection include:

  • programs for identification and authentication of CS users;
  • programs for restricting user access to CS resources;
  • information encryption programs;
  • programs for protecting information resources (system and application software, databases, computer training tools, etc.) from unauthorized modification, use and copying.

Note that identification, in relation to ensuring the information security of a computer system, is understood as the unambiguous recognition of the unique name of the subject of the computer system. Authentication means confirming that the name presented corresponds to a given subject (confirming the identity of the subject).

Examples of auxiliary information protection software:

  • programs for destroying residual information (in blocks of random access memory, temporary files, etc.);
  • audit programs (keeping logs) of events related to the security of the CS, to make it possible to recover and to prove that these events occurred;
  • programs that simulate working with an intruder (distracting him with supposedly confidential information);
  • programs for test monitoring of CS security, etc.

Results

Since potential threats to information security are very diverse, the goals of information protection can be achieved only by creating a comprehensive information protection system, which is understood as a set of methods and means united for a single purpose and ensuring the necessary efficiency of information protection in the CS.

In any organization or significant object. These tools are used to search for information theft technology, which sometimes turns out to be installed at a facility, to isolate premises during negotiations or some important meetings, to protect communications and equipment used for

Technical means of information security: telephone lines

Telephone communication lines are considered the most likely channels of information leakage. Most devices for active protection of telephone lines are designed to neutralize listening and recording equipment connected between the station and the subscriber device. Protection is implemented by generating high-frequency and low-frequency interference in the telephone line and by regulating the electric current consumption in the line during a conversation, which reduces the quality of the signal at the input of eavesdropping equipment and also blocks the acoustic start of sound recording equipment. If radio transmitting devices are used, the channel frequency is also shifted or the transmission spectrum blurred.

Technical means of information security: electronic systems

Modern business cannot exist without the use of large volumes of information, which involves the use of electronic processing systems that create side electromagnetic radiation. With the help of specialized technical means, it is quite possible to intercept this radiation outside the controlled area and then completely restore the information. In addition to such radiation, near operating electronic devices there are always quasi-static information-bearing electric and magnetic fields. They decrease rapidly with distance, but they induce pickup in circuits that are located quite close. Such fields are significant at frequencies from tens of kilohertz to tens of megahertz. In this case, interception of information becomes possible by directly connecting receiving equipment to these communications outside the protected area. To prevent information leakage through such channels, active masking of stray electromagnetic radiation is used.

As you can see, at the moment there are quite effective methods and means of protecting information that can be used in modern companies.

Information security refers to the security of information and its supporting infrastructure from any accidental or malicious influences that may result in damage to the information itself, its owners or supporting infrastructure.

There are many reasons and motives why some people want to spy on others. With a little money and diligence, attackers can organize a number of channels for information leakage, using their own ingenuity and (or) the negligence of the information owner. The objectives of information security come down to minimizing damage, as well as predicting and preventing such impacts.

To build a reliable information protection system, it is necessary to identify all possible security threats, assess their consequences, determine the necessary measures and means of protection, and evaluate their effectiveness. Risk assessment is carried out by qualified specialists using various tools, as well as methods for modeling information security processes. Based on the results of the analysis, the highest risks are identified, moving a potential threat into the category of truly dangerous threats that therefore require additional security measures.

Information may have several levels of significance, importance, and value, which, accordingly, provides for the presence of several levels of its confidentiality. The presence of different levels of access to information implies different degrees of ensuring each of the information security properties: confidentiality, integrity and availability.

Analysis of the information security system and modeling of probable threats allows us to determine the necessary protection measures. When building an information security system, it is necessary to strictly observe the proportion between the cost of the security system and the degree of value of the information. Only with knowledge of the open market of domestic and foreign technical means for unauthorized retrieval of information is it possible to determine the necessary measures and methods for protecting information. This is one of the most difficult tasks in designing a trade secrets protection system.

When various threats arise, you have to protect yourself from them. In order to assess probable threats, the main categories of sources of confidential information should be listed: these can be people, documents, publications, technical media, technical means of supporting production and labor activities, products, industrial and production waste, etc. In addition, possible channels for information leakage include joint activities with other companies; participation in negotiations; fictitious requests from outside for the opportunity to work in the company in various positions; visits by guests of the company; knowledge of the company's sales representatives about the characteristics of the product; excessive advertising; supplies of related products; consultations with outside specialists; press publications and speeches, conferences, symposia, etc.; conversations in non-work areas; law enforcement agencies; “offended” employees of the enterprise, etc.

All possible ways to protect information boil down to several basic techniques:

  • preventing direct penetration to the source of information using engineering designs of technical security means;
  • hiding reliable information;
  • providing false information.

In simplified terms, it is customary to distinguish two forms of information perception: acoustic and visual (signal). Acoustic information in message streams is predominant. The concept of visual information is very broad, so it should be divided into volumetric-specific and analog-digital.

The most common ways of unauthorized obtaining confidential information are:

  • listening to premises using technical means;
  • observation (including photography and video recording);
  • interception of information using radio monitoring tools for informative side emissions of technical means;
  • theft of storage media and industrial waste;
  • reading residual information in system storage devices after completing an authorized request, copying storage media;
  • unauthorized use of registered user terminals through theft of passwords;
  • making changes, disinformation, physical and software methods of destroying information.

A modern concept for protecting information circulating in the premises or technical systems of a commercial facility requires not periodic, but constant monitoring in the area where the facility is located. Information protection includes a whole range of organizational and technical measures to ensure information security by technical means. It must solve problems such as:

  • preventing an attacker from accessing sources of information for the purpose of destroying, stealing or altering it;
  • protection of storage media from destruction as a result of various influences;
  • preventing information leakage through various technical channels.

The methods and means of solving the first two problems do not differ from the methods and means of protecting any material assets; the third task is solved exclusively by methods and means of engineering and technical information protection.

5.2. Technical means of secret collection of information

To determine ways to stop information leakage, it is necessary to consider known technical means of secret information collection and principles of their action.

Attackers have a fairly wide choice of means for unauthorized receipt of confidential information. Some are convenient due to ease of installation, but, accordingly, can also be easily detected. Others are very difficult to find, but also difficult to install. They differ in application technology, in patterns and methods of energy use, and in types of information transmission channels. It is important to emphasize that for every method of obtaining information through technical channels of leakage, there is a countermeasure, often more than one, that can reduce such a threat to a minimum.

Depending on the scheme and method of using energy, special means of secretly obtaining information can be divided into passive (re-emitting) and active (emitting). The mandatory elements of all active special equipment are a sensor of the monitored information, which converts the information into an electrical signal, and a converter-amplifier, which amplifies the signal and converts it into one form or another for subsequent transmission of information. The signal form can be analog or digital. A mandatory element of active special means of information retrieval is the terminal emitting module.

Passive devices do not emit additional energy outward. To receive information from such devices, a powerful signal is sent from a remote monitoring point in the direction of the monitored object. Having reached the object, the signal is reflected from it and surrounding objects and partially returns to the monitoring point. The reflected signal carries information about the properties of the monitored object. Formally, almost all means of intercepting information on natural or artificial communication channels can be classified as passive special means. All of them are covert both in terms of energy and physically.

The most common and relatively inexpensive way to secretly obtain information is still the installation of various implanted devices (bugs). An implanted device is a covertly installed technical means of secretly obtaining information. Some of them are designed to obtain acoustic information, others are designed to obtain visual images, digital or analog data from computing tools and office equipment in use, communications equipment, telecommunications, etc.

Today there are a huge number of similar devices on the market. They differ in design and method of transmitting information (stand-alone or networked); they can be made in the form of standard elements of existing power and low-current lines (plugs, connectors, etc.), radio bugs in the form of pens, ashtrays, cardboard, “forgotten” personal items, standard elements of telephone sets, etc. This category of means also includes various kinds of miniature voice recorders, micro cameras, television cameras, etc.

More expensive technical means intended for long-term monitoring are installed in advance at the monitored objects (for example, during the period of major or cosmetic repairs). These can be wired devices with microphones, deeply camouflaged devices (for example, in computer equipment), acoustic or video monitoring devices, autonomous radio microphones or optoelectronic microphones with remote radiating elements, etc.

The most complex and, accordingly, the most expensive are special technical means that make it possible to intercept information at some distance from its source. These are various recorders of vibroacoustic vibrations of walls and communication systems that arise during a conversation in a room; recorders of weakened acoustic fields penetrating through natural sound guides (for example, ventilation systems); recorders of spurious radiation from operating office equipment; directional and highly sensitive microphones for monitoring speech information from remote sources; means of remote visual or video monitoring; laser means for monitoring window glass vibrations, etc.

5.3. Listening to premises using technical means

Recording of conversations (negotiations) is one of the most common methods and a fairly informative channel for secretly obtaining information. Listening can be carried out either by direct eavesdropping (through a door, ventilation ducts, walls, etc.) or using technical means. These can be a variety of microphones, voice recorders (analog with recording on magnetic tape, digital with recording on flash memory, including those equipped with an acoustic device), directional microphones, etc. The tactics for using these devices are quite simple, but effective.

Acoustic microphones. The most common devices are various microphones. Microphones can be built into walls, electrical or telephone sockets, various equipment, etc. They can be camouflaged as anything; for example, they can look like an ordinary capacitor that sits in the printer circuit and is connected to its power system. Wired microphones are used most often, with the information transmitted through specially laid wires, through the power supply network, through alarm wires, radio broadcast lines, etc. The range of information transmission from such devices is practically unlimited. As a rule, they appear after various repairs, after renting premises, visits from various inspectors, etc. They are difficult to detect, but are easily eliminated.

Radio microphones are VHF microtransmitters, which can be either stationary or temporary. The conversations themselves are intercepted at a distance of up to several tens of meters. The range of information transmission ranges from tens to hundreds of meters; to increase the range, intermediate repeaters are used, and “bugs” are installed on metal objects such as water supply pipes and household electrical appliances (which serve as an additional transmitting antenna).

Any radio microphones and telephone transmitters emit radiation in the radio range (20–1500 MHz), so one way or another they can be detected using passive means. Atmospheric and industrial interference, which is constantly present in the propagation medium of the information carrier, has the greatest impact on the amplitude of the signal, and to a lesser extent on its frequency. In functional channels that allow the transmission of more broadband signals, for example in the VHF range, information is transmitted, as a rule, with frequency-modulated signals, since they are more noise-resistant, and in the narrow-band LW, MF and HF bands with amplitude-modulated signals. To increase the secrecy of operation, the power of the transmitters is designed to be low. High secrecy of signal transmission from radio microphones is often achieved by choosing an operating frequency close to the carrier frequency of a powerful radio station, so that the transmission is masked by its signals.

Connected microphones can have a wide variety of designs that correspond to acoustic “gaps”. A “needle” microphone, to which sound is fed through a thin tube about 30 cm long, can be inserted into any slot. A heavy dynamic capsule, for example, can be lowered into a ventilation pipe from the roof. A flat crystal microphone can be placed under the door from below.

An optical transmitter microphone transmits the signal from the remote microphone using infrared radiation invisible to the eye. The receiver uses special optoelectronic equipment with a silicon photodetector.

Based on the operating time of the transmitters, special equipment is divided into continuously emitting devices, devices that switch on transmission when conversations or noise appear in the monitored room, and remotely controlled devices. Today, “bugs” have appeared with the ability to accumulate information and subsequently transmit it on the air (signals with ultra-short transmission), with pseudo-random hopping of the carrier frequency of the radio signal, and with direct spreading of the spectrum of the original signal and modulation of the carrier frequency with a pseudo-random M-sequence (noise-like signals).

The disadvantage of all the acoustic reconnaissance means described above is the need to penetrate the object of interest in order to covertly install special equipment. Directional microphones for listening to conversations do not have this disadvantage. They can have different designs.

A parabolic reflector microphone is used, with a diameter of 30 cm to 2 m, at the focus of which is an ordinary sensitive microphone. A tube microphone can be camouflaged as a cane or umbrella. Not long ago, so-called flat directional microphones appeared, which can be built into the wall of a briefcase or even worn as a vest under a shirt or jacket. The most modern and effective are considered to be laser and infrared microphones, which make it possible to reproduce speech, any other sounds and acoustic noise by optical probing of window glass and other reflective surfaces. In this case, the listening distance, depending on the actual situation, can reach hundreds of meters. These are very expensive and complex devices.

Unauthorized access to acoustic information can also be achieved using stethoscopes and hydroacoustic sensors. Sound waves carrying speech information propagate well through air ducts, water pipes and reinforced concrete structures, and are recorded by special sensors installed outside the protected facility. These devices detect micro-oscillations of contact partitions using a miniature vibration sensor attached to the reverse side of the barrier, with subsequent signal conversion. With the help of stethoscopes, it is possible to listen to conversations through walls more than a meter thick (depending on the material). Sometimes hydroacoustic sensors are used to listen to conversations in rooms using water supply and heating pipes.

Leakage of acoustic information is also possible due to the effect of sound vibrations on the elements of the electrical circuit of some technical devices, through electroacoustic conversion and heterodyne equipment. Technical devices capable of forming electrical leakage channels include telephones (especially push-button ones), security and fire alarm sensors and their lines, the electrical wiring network, etc.

For example, in the case of telephones and electric clocks, information leakage occurs due to the conversion of sound vibrations into an electrical signal, which then propagates along wire lines. Confidential information can be accessed by connecting to these wired lines.

In televisions and radios, information leakage occurs due to the local oscillators (frequency generators) present in these devices. Because the sound oscillation modulates the carrier frequency of the local oscillator, audio information “leaks” into the system and is emitted in the form of an electromagnetic field.

To detect the presence of such leakage channels in a protected area, turn on a powerful source of sound vibrations and check for the presence of signals on the outgoing lines.

To detect implanted devices that transmit acoustic information through natural wired channels (telephone line, electrical network, fire alarm circuits, etc.), the method of detecting a known sound signal is used. With this technology, the search for implanted devices is carried out by listening to signals in wired communication lines in order to identify a known sound “by ear”.

To minimize possible losses from information leakage, there is no need to try to protect the entire building. The main thing is to limit access to those places and to the equipment where confidential information is concentrated (taking into account the possibilities and methods of obtaining it remotely).
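The check described in the last two paragraphs (play a known test sound in the room, then look for it on the outgoing lines) can also be done on a recording instead of by ear. The following is an added example, not part of the original text, and it goes beyond the page's "by ear" method: it measures the power of an assumed 1000 Hz probe tone in a line capture with the Goertzel algorithm and compares it with the median power of nearby frequencies. The sample rate, probe frequency, threshold, function names and the synthetic captures are all assumptions.

```python
import math
import random
import statistics

SAMPLE_RATE = 8000        # assumed capture rate of the line recording, Hz
PROBE_HZ = 1000           # assumed frequency of the test tone played in the room
# Sixteen neighbouring frequencies used to estimate the line's noise floor.
REFERENCE_HZ = [PROBE_HZ + sign * 50 * i for i in range(1, 9) for sign in (-1, 1)]
THRESHOLD = 20.0          # assumed decision ratio: probe power vs. noise floor


def goertzel_power(samples, freq_hz, sample_rate=SAMPLE_RATE):
    """Squared magnitude of the DFT bin nearest freq_hz (Goertzel algorithm)."""
    n = len(samples)
    k = round(n * freq_hz / sample_rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def probe_ratio(samples):
    """Probe-tone power divided by the median power of the reference bins.

    The median (not the mean) keeps a single strong interferer, such as hum
    on one reference frequency, from hiding or faking a detection.
    """
    floor = statistics.median([goertzel_power(samples, f) for f in REFERENCE_HZ])
    probe = goertzel_power(samples, PROBE_HZ)
    if floor == 0.0:
        return math.inf if probe > 0.0 else 0.0
    return probe / floor


def line_leaks(samples, threshold=THRESHOLD):
    """True when the known test tone stands out on the outgoing line."""
    return probe_ratio(samples) > threshold


def synth_line(seed, leak_gain=0.0, hum_gain=0.0, seconds=1.0):
    """Constructed line capture: Gaussian noise, optional leaked probe tone,
    optional unrelated interference at PROBE_HZ + 200 Hz."""
    rng = random.Random(seed)
    n = int(SAMPLE_RATE * seconds)
    out = []
    for i in range(n):
        t = i / SAMPLE_RATE
        sample = rng.gauss(0.0, 1.0)
        sample += leak_gain * math.sin(2.0 * math.pi * PROBE_HZ * t)
        sample += hum_gain * math.sin(2.0 * math.pi * (PROBE_HZ + 200) * t)
        out.append(sample)
    return out


def demo():
    clean = synth_line(seed=1)                     # no coupling to the room
    leaky = synth_line(seed=2, leak_gain=0.5)      # tone half as strong as noise
    noisy = synth_line(seed=3, hum_gain=2.0)       # strong unrelated interferer
    return {
        "clean": line_leaks(clean),
        "leaky": line_leaks(leaky),
        "noisy": line_leaks(noisy),
    }


if __name__ == "__main__":
    print(demo())
```

Because the tone is integrated over the whole capture, a leak that is weaker than the line noise sample by sample still stands out clearly in the probe bin.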

The choice of location for the meeting room is especially important. It is advisable to place it on the upper floors. It is advisable that the meeting room does not have windows or that they open onto the courtyard. The use of alarm systems, good sound insulation, sound protection of holes and pipes passing through these rooms, dismantling of unnecessary wiring, and the use of other special devices will seriously complicate attempts to introduce special equipment for collecting acoustic information. Also, there should be no televisions, receivers, copiers, electric clocks, telephones, etc. in the meeting room.

5.4. Methods for protecting information

The task of technical means of information security is either to eliminate channels of information leakage or to reduce the quality of information received by an attacker. The main indicator of the quality of speech information is considered to be intelligibility - syllabic, verbal, phrasal, etc. Most often, syllable intelligibility is used, measured as a percentage. It is generally accepted that the quality of acoustic information is sufficient if about 40% of syllable intelligibility is ensured. If it is almost impossible to understand a conversation (even with the use of modern technical means of increasing speech intelligibility in noise), then syllable intelligibility corresponds to about 1–2%.

Prevention of information leakage through acoustic channels comes down to passive and active methods of protection. Accordingly, all information security devices can be divided into two large classes: passive and active. Passive devices measure, determine and localize leakage channels without introducing anything into the external environment. Active devices “make noise”, “burn out”, “rock” and destroy all kinds of special means of secretly obtaining information.

Passive technical means of protection are devices that conceal the protected object from technical reconnaissance methods by absorbing, reflecting or dispersing its radiation. Passive technical means of protection include shielding devices and structures, masks for various purposes, separating devices in power supply networks, protective filters, etc. The purpose of the passive method is to weaken the acoustic signal from the sound source as much as possible, for example, by finishing the walls with sound-absorbing materials.

Based on the results of the analysis of architectural and construction documentation, a set of necessary measures for the passive protection of certain areas is formed. Partitions and walls should, if possible, be layered, and the materials of the layers should be selected with sharply different acoustic characteristics (for example, concrete and foam rubber). To reduce membrane transfer of sound, it is desirable that they be massive. In addition, it is wiser to install double doors with an air gap between them and sealing gaskets around the perimeter of the jamb. To protect windows from information leakage, it is better to make them double-glazed, using sound-absorbing material and increasing the distance between the panes to improve sound insulation, and to use curtains or blinds. It is advisable to equip the glass with emitting vibration sensors. Various openings should be covered with soundproofing dampers during confidential conversations.

Another passive way to prevent information leakage is the correct grounding of technical means of information transmission. The grounding bus and grounding circuit should not contain loops, and it is recommended that they be made in the form of a branching tree. Grounding lines outside the building should be laid at a depth of about 1.5 m, and inside the building along the walls or in special channels (to allow regular inspection). If several pieces of technical equipment are connected to the grounding main, they must be connected to the main in parallel. When installing grounding, natural grounding conductors cannot be used (metal structures of buildings connected to the ground, metal pipes laid in the ground, metal sheaths of underground cables, etc.).

Since various technical devices are usually connected to a common network, various kinds of interference arise in it. To protect equipment from external network interference and from interference created by the equipment itself, it is necessary to use network filters. The filter design must significantly reduce the likelihood of side coupling inside the housing between the input and output due to magnetic, electric or electromagnetic fields. In this case, a single-phase power distribution system must be equipped with a transformer with a grounded midpoint, and a three-phase system must be equipped with a high-voltage step-down transformer.

Shielding of premises (meeting rooms, server rooms, etc.) makes it possible to eliminate interference from technical means of information transmission. The best screens are made of sheet steel, but the use of mesh greatly simplifies ventilation and lighting and reduces the cost of the screen. To reduce the radiation levels of technical means of information transmission by about 20 times, we can recommend a screen made of a single copper mesh with a cell of about 2.5 mm or of thin galvanized steel with a thickness of 0.51 mm or more. The sheets of the screen must be firmly electrically connected to each other along the entire perimeter. Room doors also need to be shielded, with reliable electrical contact with the door frame around the entire perimeter at least every 10–15 mm. If there are windows in the room, they are covered with one or two layers of copper mesh with a mesh size of no more than 2 mm. The layers must have good electrical contact with the walls of the room.

Active technical means of protection are devices that create masking active interference (or imitate it) for technical reconnaissance means or disrupt the normal functioning of means of covert information collection. Active methods of preventing information leakage can be divided into detection and neutralization of these devices.

Active technical means of protection also include various simulators, means of setting up aerosol and smoke screens, electromagnetic and acoustic noise devices and other means of setting up active interference. An active method of preventing information leakage through acoustic channels comes down to creating a strong interference signal in a “dangerous” environment, which is difficult to filter out from the useful one.

Modern eavesdropping technology has reached such a level that it has become very difficult to detect reading and listening devices. The most common methods for identifying embedded devices are: visual inspection; the nonlinear location method; metal detection; X-ray scanning.

Taking special measures to detect information leakage channels is both expensive and time-consuming. Therefore, as means of protecting information, it is often more profitable to use telephone conversation security devices, spatial noise generators, acoustic and vibroacoustic noise generators, and network filters. To prevent unauthorized recording of conversations, voice recorder suppression devices are used.

Voice recorder jammers (also effective against microphones) are used to protect information by means of acoustic and electromagnetic interference. They can affect the storage medium itself, microphones in the acoustic range, and the electronic circuits of the sound recording device. There are stationary and portable versions of various suppressors.

In conditions of noise and interference, the hearing threshold for receiving weak sound increases. This increase in the hearing threshold is called acoustic masking. To generate vibroacoustic interference, special generators based on electrovacuum, gas-discharge and semiconductor radioelements are used.

In practice, noise generators are the most widely used. Noise generators of the first type are used to suppress microphones directly, both in radio transmitting devices and in voice recorders, i.e. such a device simply produces a certain speech-like signal that is fed to acoustic speakers and quite effectively masks human speech. In addition, such devices are used to combat laser microphones and stethoscope listening. It should be noted that acoustic noise generators are perhaps the only means of combating wired microphones. When organizing acoustic masking, it should be remembered that acoustic noise creates additional discomfort for employees and negotiators (the usual power of a noise generator is 75–90 dB), but in this case, convenience must be sacrificed for safety.

It is known that “white” or “pink” noise, used as acoustic masking, differs in structure from the speech signal. The knowledge and use of these differences are the basis of speech signal noise reduction algorithms, widely used by technical intelligence specialists. Therefore, along with such noise interference, for the purpose of active acoustic masking, today more efficient generators of “speech-like” interference, chaotic pulse sequences, etc. are used. The role of devices that convert electrical vibrations into acoustic vibrations of the speech frequency range is usually performed by small-sized broadband acoustic speakers. They are usually installed indoors in places where acoustic reconnaissance equipment is most likely to be located.

“Pink” noise is a complex signal whose spectral density level decreases with increasing frequency with a constant slope of 3–6 dB per octave over the entire frequency range. “White” noise is noise whose spectral composition is uniform over the entire range of emitted frequencies. That is, such a signal is complex, like human speech, and it is impossible to identify any predominant spectral components in it. “Speech-like” interference is formed by mixing various combinations of segments of speech signals and musical fragments, as well as noise interference, or from fragments of the hidden speech signal itself superimposed repeatedly at different levels (the most effective method).

Ultrasonic suppression systems emit powerful ultrasonic vibrations inaudible to the human ear (about 20 kHz). This ultrasonic effect overloads the low-frequency amplifier of the voice recorder and significantly distorts the recorded (transmitted) signals. But experience with these systems has shown them to be untenable. The intensity of the ultrasonic signal was higher than all acceptable medical standards for human exposure. When the ultrasound intensity is reduced, it is impossible to reliably suppress eavesdropping equipment.

Acoustic and vibroacoustic generators produce noise (speech-like, “white” or “pink”) in the band of sound signals, regulate the level of noise interference and control acoustic emitters to produce continuous acoustic noise interference. The vibration emitter is used to apply continuous vibration noise interference to the enclosing structures and building communications of the premises. Expanding the boundaries of the frequency range of the interference signals makes it possible to reduce the requirements for the level of interference and to reduce verbal speech intelligibility.

In practice, one and the same surface has to be made noisy by several vibration emitters operating from different, uncorrelated sources of interfering signals, which clearly does not help reduce the noise level in the room. This is due to the possibility of using a method to compensate for interference when eavesdropping on a room. This method consists of installing several microphones and two- or three-channel recording of a mixture of a hidden signal with interference at spatially separated points, followed by subtraction of the interference.

An electromagnetic generator (a generator of the second type) induces radio interference directly in microphone amplifiers and voice recorder input circuits. This equipment is equally effective against kinematic and digital voice recorders. As a rule, radio interference generators with a relatively narrow emission band are used for these purposes in order to reduce the impact on conventional radio-electronic equipment (they have virtually no effect on the operation of GSM cell phones, provided that the telephone connection was established before the jammer was turned on). The generator emits electromagnetic interference directionally, usually in a cone of 60–70°. To expand the suppression zone, a second generator antenna or even four antennas are installed.

You should be aware that if the suppressors are poorly positioned, false alarms may occur in security and fire alarms. Devices with a power of more than 5–6 W do not meet medical standards for human exposure.

5.5. Telephone interception technique

Telephone communication channels are the most convenient and at the same time the most insecure way to transmit information between subscribers in real time. Electrical signals are transmitted through wires in the clear, and it is very easy and cheap to wiretap a telephone line. Modern telephone communication technology continues to be the most attractive for espionage purposes.

There are three physical ways to connect embedded devices to wired telephone lines:

contact (or galvanic method) – information is collected by direct connection to the controlled line;

non-contact induction - interception of information occurs through the use of magnetic field strength near telephone wires. With this method, the magnitude of the detected signal is very small and such a sensor responds to extraneous electromagnetic interference;

non-contact capacitive - interception of information occurs due to the registration of the electrical component of the scattering field in the immediate vicinity of telephone wires.

With the inductive or capacitive method, information is intercepted using appropriate sensors without direct connection to the line.

The connection to the telephone line can be made at the PBX or anywhere between the telephone set and the PBX. Most often this happens in the junction box closest to the phone. The listening device is connected to the line either in parallel or in series, and a branch is made from it to the interception post.

The so-called “telephone ear” system is a device that is connected to a telephone line or built into a telephone. An attacker, by calling a telephone equipped in this way and transmitting a special activation code, gets the opportunity to listen to conversations in the controlled room via the telephone line. At the same time, the subscriber’s phone is turned off, preventing it from ringing.

Information can also be taken from a telephone line while the handset is on the hook by externally activating its microphone with high-frequency oscillations (high-frequency pumping). High-frequency pumping also makes it possible to take information from household and special equipment (radio points, electric clocks, fire alarms) if it has a wired outlet from the room. Such systems are essentially passive; it is very difficult to detect them outside the moment of use.

In phones with an electromagnetic ringer, it is possible to exploit its reversibility (the so-called “microphone effect”). Mechanical vibrations (including those caused by the voice) of the moving parts of the phone give rise to an electric current in it with a signal amplitude of up to several millivolts. This voltage is quite enough for further signal processing. It should be said that in a similar way it is possible to intercept useful microelectric currents not only from a telephone ringer, but also from an apartment doorbell.

In computerized telephone systems, all telephone connections are made by the computer in accordance with the program embedded in it. By remotely penetrating the local computer system or the control computer itself, an attacker is able to change the program. As a result, he gets the opportunity to intercept all types of information exchange conducted in the controlled system. At the same time, it is extremely difficult to detect the fact of such interception. All methods of protecting computerized telephone systems can be reduced to replacing the conventional modem connecting the PBX with external lines with a special one that allows access to the system only from authorized numbers, protecting internal software terminals, thoroughly checking the trustworthiness of employees performing the duties of a system administrator, unannounced checks of the PBX software settings, and tracking and analysis of suspicious calls.

Organizing the eavesdropping of a cell phone is much simpler than is commonly believed. To do this, you need to have several scanners (radio monitoring posts) and adapt to the movements of the monitored object. A cellular mobile phone is in fact a complex miniature transceiver radio station. To intercept radio communications, knowledge of the communication standard (carrier frequency of radio transmission) is required. Digital cellular networks (DAMPS, NTT, GSM, CDMA, etc.) can be listened to, for example, using a regular digital scanner. The use of standard encryption algorithms in cellular communication systems also does not guarantee security. The easiest conversation to listen to is one in which one of the parties is speaking from a regular landline telephone; all that is needed is access to the telephone distribution box. Mobile conversations are more difficult, since the subscriber’s movement during a conversation is accompanied by a decrease in signal strength and a transition to other frequencies when the signal is handed over from one base station to another.

The phone is almost always near its owner. Any mobile phone can be reprogrammed or replaced with an identical model with a “flashed” secret function, after which it becomes possible to listen to all conversations (not just telephone calls) even when it is turned off. When a call comes from a specific number, the phone automatically answers without giving a signal or changing the image on the display.

The following types of equipment are used to listen to a cell phone. These include various homemade products made by hackers and phreakers using “flashing” and reprogramming of mobile phones and “cloning” of phones. This simple method requires only minimal financial costs and the ability to work with your hands. There is also various radio equipment that is freely sold on the Russian market, and special equipment for radio reconnaissance in cellular communication networks. Equipment installed directly at the cellular operator itself is most effective for eavesdropping.

A conversation conducted from a cell phone can also be listened to using programmable scanners. Radio interception cannot be detected, and active countermeasures have been developed to neutralize it, for example, coding of radio signals or the method of sharply “jumping” frequencies. Also, to protect a cell phone from eavesdropping, it is recommended to use devices in which a built-in noise generator is activated by a GSM radiation detector. As soon as the phone is activated, the noise generator turns on, and the phone can no longer “eavesdrop” on conversations. The capabilities of mobile communications today make it possible not only to record voice and transmit it over a distance, but also to shoot video. That is why local cell phone blockers are used for reliable information protection.

Establishing the location of the owner of a cell phone can be carried out by triangulation (direction finding) and through the computer network of the operator providing the connection. Direction finding is realized by noting the location of the radio signal source from several points (usually three) using special equipment. This technique is well developed, highly accurate and quite affordable. The second method is based on removing information from the operator’s computer network about where the subscriber is at a given time, even when he is not conducting any conversations (using signals automatically transmitted by the phone to the base station). Analysis of data on a subscriber's communication sessions with various base stations makes it possible to restore all the subscriber's movements in the past. Such data may be stored by the cell phone company for anywhere from 60 days to several years.

5.6. Telephone channel protection

Telephone channel protection can be carried out using cryptographic protection systems (scramblers), telephone line analyzers, one-way speech maskers, passive protection means, and active jammers. Information protection can be carried out at the semantic (notional) level using cryptographic methods, and at the energy level.

Existing equipment that counteracts the possibility of wiretapping telephone conversations is divided into three classes according to the degree of reliability:

Class I - the simplest converters that distort the signal, relatively cheap, but not very reliable - these are various noise generators, push-button signaling devices, etc.;

Class II - scramblers, whose operation requires the use of a replaceable key-password; a comparatively reliable method of protection, but professional specialists with the help of a good computer can restore the meaning of a recorded conversation;

Class III - speech coding equipment that converts speech into digital codes; such devices are powerful computers, more complex than personal computers. Without knowing the key, it is almost impossible to restore the conversation.

Installing a speech signal encoder (scrambler) on the telephone protects the signal along the entire telephone line. The subscriber's voice message is processed according to some algorithm (encoded), the processed signal is sent to the communication channel (telephone line), and then the signal received by the other subscriber is converted using the reverse algorithm (decoded) into a speech signal.

This method, however, is very complex and expensive, requires the installation of compatible equipment at all subscribers participating in private communication sessions, and causes time delays for equipment synchronization and key exchange from the beginning of transmission until the moment the voice message is received. Scramblers can also secure fax messages. Portable scramblers have a weak security threshold: using a computer, their code can be broken in a few minutes.

Telephone line analyzers signal a possible connection based on measuring the electrical parameters of the telephone line or detecting extraneous signals in it.

Analysis of the parameters of communication lines and wired communications consists of measuring the electrical parameters of these communications and makes it possible to detect embedded devices that read information from communication lines or transmit information over wired lines. The analyzers are installed on a previously tested telephone line and configured taking into account its parameters. If there are any unauthorized connections of devices powered by the telephone line, an alarm is issued. Some types of analyzers are capable of simulating the operation of a telephone and thereby identifying listening devices activated by a call signal. However, such devices have a high false alarm rate (since existing telephone lines are far from perfect) and cannot detect some types of connections.

To protect against the “microphone effect,” it is enough to connect two silicon diodes, wired in parallel in opposite directions, in series with the ringer. To protect against “high-frequency pumping,” it is necessary to connect an appropriate (0.01–0.05 μF) capacitor in parallel with the microphone, which short-circuits high-frequency oscillations.

The method of “common-mode” masking low-frequency interference is used to suppress devices for picking up speech information that are connected to a telephone line in series, in a break of one of the wires, or through an induction sensor to one of the wires. During a conversation, masking interference signals of the speech frequency range (discrete pseudo-random signals of M-sequence pulses in the frequency range from 100 to 10,000 Hz), matched in amplitude and phase, are supplied to each wire of the telephone line. Since the telephone is connected in parallel to the telephone line, the interfering signals matched in amplitude and phase cancel each other out and do not distort the useful signal. In embedded devices connected to one telephone wire, the interfering signal is not compensated and is “superimposed” on the useful signal. And since its level significantly exceeds the useful signal, interception of the transmitted information becomes impossible.
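The cancellation described above can be checked numerically. The following is an added example, not part of the original text: it generates an M-sequence, applies it to both wires and compares what the telephone and a one-wire pickup see, including the case where the two injected signals are not perfectly matched. The LFSR polynomial, the two-tone stand-in for speech, the amplitudes and the idealized line model are assumptions.

```python
import math

FS = 8000.0  # sample rate in Hz (constructed)


def m_sequence(length):
    """+/-1 chips from a 7-stage Fibonacci LFSR, x^7 + x^6 + 1, period 127.

    The polynomial is an assumption; the text only says "M-sequence".
    """
    state, chips = 0x01, []
    for _ in range(length):
        bit = ((state >> 6) ^ (state >> 5)) & 1
        state = ((state << 1) | bit) & 0x7F
        chips.append(1.0 if bit else -1.0)
    return chips


def power(samples):
    """Mean power of a sample list."""
    return sum(v * v for v in samples) / len(samples)


def ratio_db(p_signal, p_noise):
    """Power ratio in dB; infinite when there is no residue at all."""
    return math.inf if p_noise == 0.0 else 10.0 * math.log10(p_signal / p_noise)


def simulate(n=5080, mask_amplitude=5.0, mismatch=0.0):
    """Return the SNR seen by the telephone and by a one-wire pickup.

    mismatch is the relative amplitude error between the interference
    injected on wire B and on wire A (0.01 means 1 %).
    """
    # Constructed stand-in for speech: two tones inside the voice band.
    speech = [0.5 * math.sin(2 * math.pi * 400 * k / FS)
              + 0.3 * math.sin(2 * math.pi * 1000 * k / FS) for k in range(n)]
    mask = [mask_amplitude * c for c in m_sequence(n)]

    # Speech is the differential signal; the mask is applied to both wires.
    wire_a = [+s / 2 + m for s, m in zip(speech, mask)]
    wire_b = [-s / 2 + (1.0 + mismatch) * m for s, m in zip(speech, mask)]

    # The telephone sits across the pair and sees the difference.
    phone = [a - b for a, b in zip(wire_a, wire_b)]
    phone_residue = [p - s for p, s in zip(phone, speech)]

    # A pickup on wire A alone sees half the speech plus the whole mask.
    tap_speech = [s / 2 for s in speech]
    tap_residue = [a - t for a, t in zip(wire_a, tap_speech)]

    return {
        "phone_snr_db": ratio_db(power(speech), power(phone_residue)),
        "tap_snr_db": ratio_db(power(tap_speech), power(tap_residue)),
    }


if __name__ == "__main__":
    for eps in (0.0, 0.01, 0.1):
        print(eps, simulate(mismatch=eps))
```

With these constructed values, a 1 % amplitude mismatch between the two wires already brings the telephone's own signal-to-interference ratio down to roughly 18 dB, which is why the text insists on matching in amplitude and phase.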

The method of high-frequency masking interference. A high-frequency interference signal (usually from 6–8 kHz to 12–16 kHz) is fed into the telephone line. Broadband analog signals such as “white” noise or discrete signals such as a pseudo-random pulse sequence with a spectrum width of at least 3–4 kHz are used as masking noise. A special low-pass filter with a cut-off frequency above 3–4 kHz is installed in the protection device, connected in parallel to a telephone line break; it suppresses (shunts) high-frequency interference signals and does not significantly affect the passage of low-frequency speech signals.

The method of raising or dropping the voltage. The voltage change method is used to disrupt the functioning of all types of electronic information interception devices with a contact (both serial and parallel) connection to the line that use it as a power source. A change in line voltage causes telephone bugs with a serial connection and parametric stabilization of the transmitter frequency to “drift” from the carrier frequency and degrades speech intelligibility. In some cases, telephone bug transmitters with a parallel connection to the line simply turn off during such voltage surges. These methods suppress information retrieval devices connected to the line only in the section from the protected telephone set to the telephone exchange.

Compensation method. A “digital” masking noise signal of the speech frequency range is supplied to the receiving side. The same signal (“pure” noise) is fed to one of the inputs of a two-channel adaptive filter, the other input of which receives a mixture of the received speech signal and masking noise. The filter compensates for the noise component and highlights the hidden speech signal. This method very effectively suppresses all known means of secret information collection connected to the line along the entire section of the telephone line from one subscriber to another.
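The two-channel adaptive filter in the compensation method can be illustrated as follows. This is an added example, not part of the original text: the receiving side knows the “pure” noise it injected and uses a normalized LMS filter (one possible adaptive algorithm, chosen here as an assumption) to remove it from the line mixture, while anyone without that reference sees only the masked line. The line response, the tones standing in for speech and the step size are constructed.

```python
import math
import random

FS = 8000.0  # sample rate in Hz (constructed)


def power(samples):
    """Mean power of a sample list."""
    return sum(v * v for v in samples) / len(samples)


def run_compensation(n=6000, taps=4, mu=0.02, seed=1):
    """Mask a line with known noise, then recover speech with an NLMS filter."""
    rng = random.Random(seed)

    # Constructed stand-in for the remote subscriber's speech.
    speech = [0.5 * math.sin(2 * math.pi * 400 * k / FS)
              + 0.3 * math.sin(2 * math.pi * 1000 * k / FS) for k in range(n)]

    # "Pure" masking noise generated, and therefore known, at the receiving side.
    reference = [1.0 if rng.random() < 0.5 else -1.0 for _ in range(n)]

    # Unknown response of the line to the injected noise (constructed values).
    line_path = [4.0, 1.5, -0.7]
    masked = []
    for k in range(n):
        noise = sum(h * reference[k - j] for j, h in enumerate(line_path) if k >= j)
        masked.append(speech[k] + noise)  # what is present on the line

    # Two-channel adaptive filter: input 1 = reference noise, input 2 = mixture.
    weights = [0.0] * taps
    recovered = []
    for k in range(n):
        x = [reference[k - j] if k >= j else 0.0 for j in range(taps)]
        estimate = sum(w * xi for w, xi in zip(weights, x))
        error = masked[k] - estimate          # mixture minus estimated noise
        norm = sum(xi * xi for xi in x) + 1e-9
        weights = [w + mu * error * xi / norm for w, xi in zip(weights, x)]
        recovered.append(error)               # this is the speech estimate

    # Score only the second half, after the filter has converged.
    half = n // 2
    tail = speech[half:]
    line_noise = [m - s for m, s in zip(masked[half:], tail)]
    out_noise = [r - s for r, s in zip(recovered[half:], tail)]
    return {
        "line_snr_db": 10 * math.log10(power(tail) / power(line_noise)),
        "output_snr_db": 10 * math.log10(power(tail) / power(out_noise)),
        "weights": weights,
    }


if __name__ == "__main__":
    result = run_compensation()
    print("SNR on the line      : %.1f dB" % result["line_snr_db"])
    print("SNR after compensation: %.1f dB" % result["output_snr_db"])
    print("learned line response :", [round(w, 2) for w in result["weights"]])
```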

The so-called “burning out” is carried out by feeding high-voltage (more than 1500 V) pulses with a power of 15–50 W into the telephone line. In electronic data collection devices galvanically connected to the line, the input stages and power supplies “burn out”. The result is the failure of the semiconductor elements (transistors, diodes, microcircuits) of the information retrieval devices. High-voltage pulses are supplied when the telephone set is disconnected from the line. To destroy parallel-connected devices, high-voltage pulses are supplied with the telephone line open, and to destroy series-connected devices, with the line “shorted” (usually in a telephone box or switchboard).

5.7. Methods for detecting secret information collection devices

The most accessible and, accordingly, the cheapest method of finding means of retrieving information is a simple inspection. Visual control consists of a thorough examination of premises, building structures, communications, interior elements, equipment, office supplies, etc. During inspection, endoscopes, lighting devices, inspection mirrors, etc. can be used. It is important to pay attention to the characteristic signs of means of covert information collection (antennas, microphone holes, wires of unknown purpose, etc.). If necessary, equipment, communications equipment, furniture, and other items are dismantled or disassembled.

There are various methods for searching for embedded devices. Most often, for this purpose, radio broadcasts are monitored using various radio receiving devices. These are various voice recorder detectors, field indicators, frequency meters and interceptors, scanner receivers and spectrum analyzers, software and hardware control systems, nonlinear locators, X-ray systems, conventional testers, special equipment for testing wire lines, as well as various combined instruments. With their help, the operating frequencies of embedded devices are searched and recorded, and their location is determined.

The search procedure is quite complex and requires proper knowledge and skills in working with measuring equipment. In addition, when using these methods, constant and long-term monitoring of radio broadcasts or the use of complex and expensive special automatic hardware and software radio monitoring systems is required. The implementation of these procedures is possible only if there is a sufficiently powerful security service and very solid financial resources.

The simplest devices for searching for radiation from embedded devices are electromagnetic field indicator. It notifies with a simple sound or light signal the presence of an electromagnetic field with a strength above the threshold. Such a signal may indicate the possible presence of a mortgage device.

Frequency meter– a scanning receiver that is used to detect information retrieval devices, weak electromagnetic radiation from a voice recorder or an embedded device. It is these electromagnetic signals that they are trying to receive and then analyze. But each device has its own unique spectrum of electromagnetic radiation, and attempts to isolate wider bands rather than narrow spectral frequencies can lead to a general decrease in the selectivity of the entire device and, as a consequence, to a decrease in the noise immunity of the frequency meter.

Frequency meters also determine the carrier frequency of the strongest signal at the point of reception. Some devices allow you not only to automatically or manually capture a radio signal, detect it and listen to it through a speaker, but also determine the frequency of the detected signal and the type of modulation. The sensitivity of such field detectors is low, so they can detect radiation from radio bombs only in the immediate vicinity of them.

Infrared sensing produced using a special IR probe and allows you to detect embedded devices that transmit information via an infrared communication channel.

Special (professional) specialists have significantly greater sensitivity radio receivers with automated scanning of the radio range(scanner receivers or scanners). They provide search in the frequency range from tens to billions of hertz. Spectrum analyzers have the best capabilities for searching for radio bookmarks. In addition to intercepting the emissions of embedded devices, they allow you to analyze their characteristics, which is important when detecting radio bombs that use complex types of signals to transmit information.

The ability to interface scanning receivers with portable computers was the basis for the creation automated complexes to search for radio bookmarks (the so-called “software and hardware control systems”). The radio interception method is based on automatic comparison of the signal level from the radio transmitter and the background level, followed by self-tuning. These devices allow radio interception of a signal in no more than one second. The radio interceptor can also be used in the “acoustic connection” mode, which consists of self-excitation of the listening device due to positive feedback.

Separately, it is necessary to highlight methods for searching for mortgage devices that are not working at the time of inspection. “Bugs” (microphones of listening devices, voice recorders, etc.) that are turned off at the time of the search do not emit signals by which they can be detected by radio receiving equipment. In this case, special X-ray equipment, metal detectors and nonlinear locators are used to detect them.

Void detectors allow you to detect possible installation locations for embedded devices in wall voids or other structures. Metal detectors react to the presence of electrically conductive materials, primarily metals, in the search area, and make it possible to detect casings or other metal elements of bookmarks, and examine non-metallic objects (furniture, wooden or plastic building structures, brick walls, etc.). Portable x-ray units are used for x-ray examination of objects whose purpose cannot be revealed without disassembling them, primarily at the moment when it is impossible without destroying the found object (photos of components and blocks of equipment are taken in X-rays and compared with photographs of standard components).

One of the most effective ways to detect bookmarks is to use a nonlinear locator. Nonlinear locator is a device for detecting and localizing any p-n transitions in places where they obviously do not exist. The principle of operation of a nonlinear locator is based on the property of all nonlinear components (transistors, diodes, etc.) of radio-electronic devices to emit harmonic components into the air (when irradiated with microwave signals). The nonlinear locator receiver receives the 2nd and 3rd harmonics of the reflected signal. Such signals penetrate through walls, ceilings, floors, furniture, etc. Moreover, the conversion process does not depend on whether the irradiated object is turned on or off. Reception by a nonlinear locator of any harmonic component of the search signal indicates the presence of a radio-electronic device in the search area, regardless of its functional purpose (radio microphone, telephone bookmark, voice recorder, microphone with an amplifier, etc.).

Nonlinear locators can detect voice recorders at much greater distances than metal detectors and can be used to control the bringing of sound recording devices into premises. However, this raises problems such as the level of safe radiation, identification of the response, the presence of dead zones, and compatibility with surrounding systems and electronic equipment.

The emission power of locators can range from hundreds of milliwatts to hundreds of watts. It is preferable to use nonlinear locators with higher radiation power and better detection ability. On the other hand, at high frequencies, the high radiation power of the device poses a danger to the health of the operator.

The disadvantages of a nonlinear locator include its response to a telephone or TV set located in an adjacent room, etc. A nonlinear locator will never find natural channels of information leakage (acoustic, vibroacoustic, wired and optical). The same applies to the scanner. It follows that a full check across all channels is always necessary.

5.8. Optical (visual) information leakage channel

The optical channel of information leakage is realized through direct perception of the surroundings by the human eye, aided by special technical means that extend the eye's capabilities in low light, when the objects of observation are distant, or when angular resolution is insufficient. This includes ordinary peeping from a neighboring building through binoculars, as well as registration of radiation from various optical sensors in the visible or infrared range, which can be modulated with useful information. Visual information is very often documented on photographic film or electronic media. Observation yields a large amount of valuable information, especially when it involves copying documentation, drawings, product samples, etc. In principle, observation is a complex process, as it requires a significant investment of effort, time and money.

The characteristics of any optical device (including the human eye) are determined by such primary indicators as angular resolution, illumination and frequency of image changes. The choice of surveillance system components is of great importance. Observation at long distances is carried out with large diameter lenses. High magnification is achieved by using long focal length lenses, but then the angle of view of the system as a whole inevitably decreases.

Video recording and photography are used quite widely for observation. The video cameras used can be wired, radio-transmitting, wearable, etc. Modern equipment makes it possible to observe in daylight and at night, at ultra-close range and at distances of up to several kilometers, in visible light and in the infrared range (it is even possible to detect corrections and forgeries, and to read text on burnt documents). There are telephoto lenses only the size of a matchbox that nevertheless clearly capture printed text at distances of up to 100 meters, and a camera in a wristwatch allows photographs to be taken without focusing, setting shutter speed, aperture and other subtleties.

In low light or low visibility conditions, night vision devices and thermal imagers are widely used. Modern night vision devices are based on the principle of converting a weak light field into a weak electron field, amplifying the resulting electronic image with a microchannel amplifier, and finally converting the amplified electronic image into a visible display (using a fluorescent screen) in the region of the spectrum visible to the eye (in almost all devices, the green region). The image on the screen is observed through a magnifying glass or with a recording device. Such devices can see light at the edge of the near-infrared range, which became the basis for active surveillance systems with laser IR illumination (a night observation and video recording kit for remote observation and photography in complete darkness using a special infrared laser flashlight). Structurally, night vision devices can be made in the form of viewers, binoculars, night vision goggles, sights for small arms, and devices for documenting images.

Thermal imagers are able to “see” the longer wavelength portion of the optical frequency spectrum (8–13 microns), in which the maximum thermal radiation of objects is located. At the same time, they are not interfered with by precipitation, but they have low angular resolution.

There are samples of uncooled thermal imagers on the market with a temperature resolution of up to 0.1 °C.

Devices for documenting images are sets of equipment that include a high-quality night observation sight, an image recording device (photo camera, video camera), an IR illuminator, and a rotating support (tripod). Made to established standards, these devices are easily combined with standard lenses.

The technological revolution has greatly simplified the task of obtaining unauthorized video information. Today, highly sensitive small-sized and even subminiature television, photo and video cameras producing black-and-white and even color images have been created. Advances in miniaturization make it possible to place a modern spy camera in almost any interior furnishing or personal item. For example, a fiber optic surveillance system has a cable length of up to two meters. It allows entry into rooms through keyholes, cable and heating inlets, ventilation shafts, false ceilings and other openings. The system's viewing angle is 65°, and its focusing range extends almost to infinity. It works in low light. With its help, one can read and photograph documents on tables, notes in desk calendars, wall tables and charts, and read information from displays. The issues of recording and transmitting video images over long distances are similar to those discussed above. Accordingly, similar methods are used to detect the information-transmitting devices.

Methods for detecting hidden cameras are much more complex than those for recognizing other channels of information leakage. Today, working video cameras that transmit their signal by radio or by wire are searched for using the nonlinear location method. All circuits of modern electronic devices emit electromagnetic radio waves. Moreover, each circuit has a spectrum of spurious radiation inherent only to it. Therefore, any working device that has at least one electronic circuit can be identified if its spectrum of spurious radiation is known. The electronic circuits that control the CCD matrices of video cameras are also noisy. Knowing the emission spectrum of a particular camera, one can detect it. Information about the emission spectra of detectable video cameras is stored in the device's memory. The difficulty lies in the low level of their radiation and the presence of a large amount of electromagnetic interference.

5.9. Special tools for rapid copying of information from magnetic media (or destroying it)

Automation of the search for spurious electromagnetic radiation signals and the measurement of their parameters has revealed the need to divide the process of special research clearly into the following stages: searching for the signals, measuring their parameters and calculating the required security values. The practice of manual measurements often calls this procedure into question because of the routine nature and large volume of the work. Therefore, the search for such signals and the measurement of their parameters are often combined.

Special technical means for covertly obtaining (or destroying) information from the means of its storage, processing and transmission are divided into:

  • special signal radio transmitters placed in computer equipment, modems and other devices, which transmit information about operating modes (passwords, etc.) and processed data;
  • technical means for monitoring and analyzing spurious emissions from PCs and computer networks;
  • special means for rapid copying of information from magnetic media or for destroying it.

There are two main probable sources of spurious electromagnetic radiation: signal cables and high-voltage units. To emit a signal over the air, an antenna matched to a specific frequency is needed. Various connecting cables often act as such an antenna. At the same time, the monitor's beam amplifiers have much greater energy and also act as radiating systems. Their antenna system consists of both connecting loops and other long circuits galvanically connected to these units. The only devices free of spurious electromagnetic radiation are those that work with information presented in analog form (for example, photocopiers that use direct blueprinting).

Electromagnetic radiation from various devices poses two dangers:

1) the possibility of capturing spurious electromagnetic radiation. Because of its stability and covertness, this method of secretly obtaining information is one of the promising channels for attackers;

2) the need to ensure electromagnetic compatibility of various technical means in order to protect information from unintentional exposure to device radiation. The concept of “susceptibility to interference” covers a set of measures to protect information from the tendency of office equipment that processes it, when exposed to electromagnetic interference, to distort its content or lose it irretrievably, to alter the control of its processing, etc., up to and including the physical destruction of device elements.

When several technical means work together, it is necessary to place them so that their “interference zones” do not intersect. If it is impossible to fulfill this condition, one should strive to separate the radiation from the source of the electromagnetic field in frequency or to separate the periods of operation of technical means in time.

Technically, the easiest problem to solve is intercepting the information displayed on a PC screen. With special highly directional, high-gain antennas, the interception range for spurious electromagnetic radiation can reach hundreds of meters. The quality of the recovered information then corresponds to the quality of text images.

In general, systems for intercepting signals via spurious electromagnetic radiation channels are based on microprocessor technology and have the appropriate special software and memory for storing signals from the lines. Such systems contain sensors designed to collect signal information from telecommunication lines. For analog lines, interception systems contain appropriate converters.

The problem of intercepting spurious electromagnetic radiation is easiest to solve for unshielded or weakly shielded communication lines (security and fire alarm lines, intra-facility computer communication lines using twisted pairs, and so on). It is much more difficult to capture signals from heavily shielded lines that use coaxial cable and optical fiber. Without at least partially destroying their shielding sheath, solving the problem seems unlikely.

The widespread use of computers in business has led to large volumes of business information being stored on magnetic media and transmitted and received over computer networks. Information can be obtained from computers in different ways: theft of storage media (floppy disks, magnetic disks, etc.); reading information from the screen (during display while a legitimate user is working or in his absence); connection of special hardware that provides access to information; and the use of special technical means to intercept spurious electromagnetic radiation from PCs. It is known that with a directional antenna such interception is possible at distances of up to 200 m for PCs in a metal case, and up to one kilometer for those in a plastic case.

Signal radio bugs (placed in computer equipment, modems and other devices), which transmit information about operating modes (passwords, etc.) and processed data, are electromagnetic repeaters of signals from operating computers, printers and other office equipment. The signals themselves can be analog or digital. Such special radio bugs, suitably camouflaged, have a high degree of physical concealment. Their only distinguishing feature is the presence of radio emission. They can also be identified when office equipment modules are inspected by specialists who know the hardware well.

The most informative signal is the screen display on a computer monitor. Interception of information from the monitor screen can also be carried out using special television cameras. Professional equipment for intercepting spurious radiation from a computer is used to intercept radiation from a personal computer and reproduce monitor images. Keyboard microtransmitters are also known, designed to secretly receive information about all operations on the computer keyboard (codes, passwords, typed text, etc.).

To search for spurious electromagnetic radiation, a spurious emission recorder is used. This role is played by a specialized, highly sensitive radio-frequency spectrum analyzer capable of multi-channel processing of spectral components, including correlation processing, and of visual display of the results.

Measurements of spurious electromagnetic radiation are carried out using antenna equipment (selective voltmeters, measuring receivers, spectrum analyzers). Selective voltmeters (nanovoltmeters) are used to determine the strength of electric and magnetic fields. Measuring receivers combine the best characteristics of selective voltmeters (the presence of a preselector) and spectrum analyzers (visual representation of the panorama of the analyzed frequency range), but they are quite expensive. Spectrum analyzers compete with measuring receivers in functionality, but a number of their metrological characteristics are worse because they lack a preselector. However, their price is 4–5 times lower than that of a comparable measuring receiver.

A detector for analyzing spurious electromagnetic radiation (SEMR) can be peak (shows the signal amplitude), linear (the instantaneous realization of the signal at the moment of measurement), root mean square (conveys the signal power) or quasi-peak (not based on any physical quantity and intended to unify radio interference measurements for electromagnetic compatibility research). Measurements are correct only when made with a peak detector.

The following methods of solving the problem of electromagnetic radiation using technical measures are distinguished:

1) shielding: surrounding either the source or the receptor with a metal alloy casing. When choosing equipment, preference should be given to cables with a shielding sheath (coaxial cable) and to fiber-optic cables, which do not emit electromagnetic interference and are immune to it. When installed, the shield must have tight (preferably soldered) contact with the chassis bus, which, in turn, must be grounded.

The grounding schemes used fall into three groups. The simplest method is series grounding at a single point, but it gives the highest level of interference because currents flow through common sections of the grounding circuit. Parallel grounding at a single point is free from this disadvantage but requires a large number of long conductors, whose length makes it difficult to ensure low grounding resistance. The multipoint scheme eliminates the disadvantages of the first two options, but its use may cause difficulties due to resonant interference in the circuits. Typically, hybrid schemes are used when organizing grounding: single-point at low frequencies and multipoint at higher frequencies.

To create a system of effective protection against the covert collection of information through technical channels, a number of measures are recommended. The characteristic features of the location of buildings, of rooms within buildings, of the surrounding area and of the communications should be analyzed. Next, the premises within which confidential information circulates should be identified, and the technical means used in them taken into account. Such technical measures should be carried out as checking the equipment in use for compliance of its spurious emissions with permissible levels, shielding the room containing the equipment or the equipment itself within the room, rewiring individual circuits (lines, cables), and using special devices and means of passive and active protection.

5.10. Security of information and communication systems

Modern society's dependence on information technology is so high that failures in information systems can lead to significant incidents in the “real” world. There is no need to explain to anyone that software and data stored on a computer need protection. Rampant computer piracy, harmful viruses, hacker attacks and sophisticated means of commercial espionage force software manufacturers and users to look for ways and means of protection.

There are a large number of methods for restricting access to information stored on computers. Security of information and communication systems can be divided into technological, software and physical. From the standpoint of technological security, both “mirror” servers and dual hard drives are widely used in information systems.

Reliable uninterruptible power supply systems must be used. Power surges can erase memory, alter programs and destroy chips. Surge protectors can protect servers and computers from short-term power surges. Uninterruptible power supplies make it possible to shut down the computer without losing data.

To provide software security, well-developed software tools are actively used: tools for fighting viruses and protecting against unauthorized access, information recovery and backup systems, proactive PC protection systems, and information identification and encoding systems. Within this section it is impossible to analyze the huge variety of software, hardware-software systems and various access devices, since this is a separate topic that deserves specific, detailed consideration and is the task of the information security service. Here we consider only devices that protect computer equipment by technical means.

The first aspect of computer security is the threat of information theft by outsiders. This theft can be carried out through physical access to information media. In order to prevent unauthorized persons from accessing a computer while protected information is held on it, and to protect data on media from theft, one should start by securing the computer against simple theft.

The most common and primitive type of protection for office equipment is a small lock on the case of the system unit (turning the key turns off the computer). Another elementary way to protect monitors and system units from theft is to make them stationary. This can be achieved by simply attaching PC elements to some bulky and heavy objects or by connecting PC elements to each other.

A desktop computer protection kit must support a wide range of security methods, including protection of the computer's internal parts, so that the inside of the system unit cannot be accessed without removing the universal fastener. Security must be ensured not only for the system unit but also for some of the peripheral devices. The kit should be universal enough to protect not only computers but also other office equipment.

The security device for CD, DVD and floppy drives is similar to a floppy disk with a lock on its end. Insert the "floppy" part of it into the drive, turn the key in the lock, and the drive is unusable. Mechanical or electromechanical keys quite reliably protect data on a computer from copying and theft of media.

To protect the information shown on the monitor from prying eyes, special filters are used. With the help of microblinds, the data displayed on the screen is visible only to the person sitting directly in front of the monitor, while from any other viewing angle only a black screen is visible. Similar functions are performed by filters that work on the principle of image blur. Such filters consist of several films that produce this effect, so that an outsider sees only a blurry, completely unreadable image.

There are protection systems on the market consisting of a sensor (electronic, motion, shock or tether sensor) and a siren unit installed on the protected computer. The 120 dB siren is triggered only when the sensor is disconnected or activated. Installing such protection on the case, however, does not always guarantee the safety of the contents of the system unit. Equipping all computer components with such sensors will help prevent their possible theft.

Most laptops come standard with a security slot. In the reception areas of many Western companies there are even specially designated tables equipped with mechanical devices for “fastening” a laptop in case it needs to be left for a while. Laptop owners actively use “sensor-siren” security systems in a single housing. Such kits can be activated (deactivated) with either a key or a key fob.

Unified security systems exist for protecting local networks. Each protected computer is equipped with sensors that are connected to the central security panel through special sockets or wirelessly. After all the sensors have been installed on the protected objects (it is recommended to install such sensors on system units at the junction of the casing and the housing), one only needs to connect the wires from sensor to sensor. When any sensor is triggered, an alarm signal is sent to the central panel, which automatically notifies the appropriate services.

It should be mentioned that a powerful electromagnetic pulse can destroy information on magnetic media at a distance, and a fire, even one in an adjacent room, will most likely destroy the office equipment present. For protection there are high-tech means that keep a computer system viable for two hours at an ambient temperature of 1100 °C and resist physical destruction and break-in, as well as powerful electromagnetic pulses and other overloads.

But protecting information stored on a computer is not just about installing a secure lock in the server room, purchasing a safe for storing information media, and installing a fire protection system. To protect transmitted and stored information, it must be encrypted using hardware, usually by connecting an additional electronic card to the computer.

5.11. Methods for destroying information

Today, magnetic media occupy a leading position among information storage media. These include audio, video and streamer cassettes, floppy and hard disks, magnetic wire, etc. It is known that the standard information deletion operation of any operating system only appears to destroy the information. The information does not disappear at all; only the references to it in the directory and the file allocation table disappear. The information itself can be easily recovered using appropriate programs (data can be recovered even from a formatted hard drive). Even when new information is written over the destroyed information, the original information can be restored using special methods.
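The gap between deleting a file and destroying its contents can be shown on a toy model of a directory plus file allocation table. The Python code below is an added example, not from the original text: `ToyVolume` and its methods are hypothetical, the sample record is constructed, and only the logical layer is modelled (not the recovery of overwritten data by special methods mentioned above).

```python
CLUSTER = 32            # bytes per cluster (toy size)
FREE, END = 0, 0xFFFF   # FAT markers: unallocated cluster, end of chain
FIRST = 2               # clusters 0 and 1 are reserved, as in real FAT


class ToyVolume:
    """Minimal directory + file allocation table + raw cluster area."""

    def __init__(self, clusters=16):
        self.fat = [FREE] * clusters
        self.data = bytearray(CLUSTER * clusters)
        self.directory = {}          # name -> (first cluster, size in bytes)

    def _chain(self, first):
        chain, c = [], first
        while c != END:
            chain.append(c)
            c = self.fat[c]
        return chain

    def free_clusters(self):
        return [c for c in range(FIRST, len(self.fat)) if self.fat[c] == FREE]

    def write(self, name, content):
        need = max(1, -(-len(content) // CLUSTER))
        chain = self.free_clusters()[:need]
        if len(chain) < need:
            raise OSError("volume full")
        for i, c in enumerate(chain):
            self.fat[c] = chain[i + 1] if i + 1 < need else END
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            self.data[c * CLUSTER:(c + 1) * CLUSTER] = chunk.ljust(CLUSTER, b"\x00")
        self.directory[name] = (chain[0], len(content))

    def read(self, name):
        first, size = self.directory[name]
        raw = b"".join(bytes(self.data[c * CLUSTER:(c + 1) * CLUSTER])
                       for c in self._chain(first))
        return raw[:size]

    def delete(self, name):
        """Standard delete: drop the references, leave the clusters untouched."""
        first, _ = self.directory.pop(name)
        for c in self._chain(first):
            self.fat[c] = FREE

    def raw_contains(self, needle):
        """What a tool reading the medium directly, bypassing the directory, sees."""
        return needle in bytes(self.data)

    def residual_clusters(self):
        """Free clusters that still hold non-zero bytes (sanitization check)."""
        return [c for c in self.free_clusters()
                if any(self.data[c * CLUSTER:(c + 1) * CLUSTER])]

    def wipe_free_space(self):
        """Overwrite every unallocated cluster with zeros."""
        for c in self.free_clusters():
            self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)


def demo():
    vol = ToyVolume()
    record = b"payroll: constructed sample record " * 2   # 70 bytes, 3 clusters
    vol.write("payroll.txt", record)
    vol.write("notes.txt", b"keep me")
    vol.delete("payroll.txt")
    after_delete = (vol.raw_contains(record), vol.residual_clusters())
    vol.wipe_free_space()
    after_wipe = (vol.raw_contains(b"payroll"), vol.residual_clusters())
    return after_delete, after_wipe, vol.read("notes.txt")


if __name__ == "__main__":
    print(demo())
```

`residual_clusters()` is the check to run after any sanitization step: an empty directory listing says nothing about what is still on the medium.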

Sometimes in practice there is a need to completely destroy information stored at an enterprise. Today, there are several ways to quickly and reliably destroy information on magnetic media. The mechanical method (shredding the media, including by pyrotechnic means) usually does not guarantee destruction of the information. If the media is mechanically destroyed, it is still possible for an expert to restore fragments of information.

To date, the most developed methods are those of physical destruction of information, based on bringing the material of the medium's working layer to a state of magnetic saturation. By design, the device can be a powerful permanent magnet, which is not very convenient to use. More effective for destroying information is a briefly generated powerful electromagnetic field sufficient to magnetically saturate the carrier material.

Developments that implement a physical method of destroying information make it possible to solve, easily and quickly, the problems associated with the “disposal” of information stored on magnetic media. They can be built into the equipment or made as a separate device. For example, information safes can be used not only to destroy recorded information but also to store its magnetic media. They usually allow the erasing procedure to be initiated remotely via a panic button. Safes can additionally be equipped with modules for starting the erasing process using Touch keys or remotely using a radio key fob with a range of up to 20 m. When the media is exposed to a powerful electromagnetic pulse, the data is erased instantly; all that is required is to release the previously accumulated charge into the storage chamber. Storage media can be located in special chambers and still be fully operational (for example, hard drives). The medium is acted upon sequentially by two pulsed magnetic fields of opposite direction.

The chemical method, destruction of the working layer or carrier base by aggressive media, is simply unsafe and has significant disadvantages that make its widespread practical use doubtful.

The thermal method of destroying information (burning) is based on heating the carrier to the temperature at which its base is destroyed, by electric arc, electric induction, pyrotechnic and other methods. In addition to special furnaces for burning media, there are developments that use pyrotechnic compositions to destroy information. A thin layer of pyrotechnic composition is applied to the disk, capable of destroying this surface within 4–5 s at a temperature of 2000 °C to the state of “not a single legible sign remaining.” The pyrotechnic composition is triggered by an external electrical impulse, while the disk drive remains undamaged.

As temperature rises, the absolute value of the saturation induction of a ferromagnet decreases, so the state of magnetic saturation of the working layer material can be reached at lower levels of the external magnetic field. Therefore, combining thermal action on the working layer of a magnetic storage medium with an external magnetic field may prove very promising.

Practice has shown that modern magnetic storage media retain their characteristics even with a small dose of radiation. Strong ionizing radiation is unsafe for people. This indicates a low probability of the radiation method being used to destroy information on magnetic media.

To dispose of unnecessary documents (including used carbon paper from typewriters), special equipment is produced - paper shredders.

5.12. Encryption

A reliable method of protecting information is encryption, because in this case the data itself is protected, and not access to it (for example, an encrypted file cannot be read even if the floppy disk is stolen).

Cryptographic methods (transformation of semantic information into a certain set of chaotic signs) are based on transforming the information itself and are in no way tied to the characteristics of its material carriers, which makes them the most universal and potentially the cheapest to implement. Ensuring secrecy is considered the main task of cryptography and is solved by encrypting the transmitted data. The recipient will be able to restore the data to its original form only if he knows the secret of the transformation. The sender needs the same key to encrypt the message. According to Kerckhoffs's principle, on which all modern cryptosystems are built, the secret part of a cipher is its key: a piece of data of a certain length.

The implementation of cryptographic procedures is carried out in a single hardware, software or software-hardware module (encoder - a special encryption device). As a result, neither reliable information protection, nor complexity, nor user convenience are achieved. Therefore, the main cryptographic functions, namely algorithms for converting information and generating keys, are not separated into separate independent blocks, but are built in as internal modules into application programs or even provided by the developer himself in his programs or in the operating system kernel. Because of the inconvenience of practical use, most users prefer not to use encryption tools, even at the expense of preserving their secrets.

With the widespread use of various devices and computer programs that protect data by transforming it according to one of the world's accepted open encryption standards (DES, FEAL, LOKI, IDEA, etc.), a problem has arisen: to exchange confidential messages over an open communication channel, keys for the data transformation must be delivered to both ends in advance. For example, for a network of 10 users, 36 different keys must be used simultaneously, and for a network of 1000 users, 498,501 will be required.

Public key distribution method. Its essence is that users, independently of one another, use random number generators to produce individual passwords or keys and store them secretly on a floppy disk, a special magnetic or processor card, a non-volatile memory tablet (Touch Memory), paper, punched tape, a punched card or other media. Then each user, using a well-known procedure, calculates from his individual number (key) his public key, i.e., a block of information that he makes available to everyone with whom he would like to exchange confidential messages. The “mixing” algorithms are designed so that any two users end up with the same common key, known only to the two of them, which they can use to keep their exchange of information confidential without the participation of third parties. Users can exchange public keys with each other immediately before transferring private messages or (which is much simpler) entrust someone with collecting all the users' public keys into a single directory in advance, certifying it with his digital signature, and distributing this directory to all other users.
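The scheme described above corresponds to Diffie-Hellman key agreement. The Python code below is an added example, not from the original text: the `User` class, the function names and the user names are illustrative assumptions, the group is the 2048-bit MODP group of RFC 3526, and a SHA-256 digest of the directory stands in for the value the directory keeper would sign.

```python
import hashlib
import secrets

# RFC 3526 group 14: 2048-bit safe prime P with generator G = 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2   # order of the subgroup generated by G


def check_public_value(y):
    """Reject published values that would force a weak or predictable key."""
    if not isinstance(y, int) or not 2 <= y <= P - 2:
        raise ValueError("public value out of range")
    if pow(y, Q, P) != 1:
        raise ValueError("public value outside the expected subgroup")
    return y


class User:
    def __init__(self, name):
        self.name = name
        # Individual secret number, generated locally and never shared.
        self._secret = secrets.randbelow(Q - 2) + 2
        # Block of information made available to everyone.
        self.public = pow(G, self._secret, P)

    def shared_key(self, peer, directory):
        """Derive the key common to this user and `peer` from the directory."""
        y = check_public_value(directory[peer])
        raw = pow(y, self._secret, P).to_bytes(256, "big")
        a, b = sorted([self.name, peer])
        # Single SHA-256 as a simple key derivation step (assumption;
        # a deployed system would use a standard KDF such as HKDF).
        return hashlib.sha256(f"pairwise|{a}|{b}|".encode() + raw).digest()


def build_directory(users):
    return {u.name: u.public for u in users}


def directory_digest(directory):
    """Canonical digest of the directory: the value a keeper would sign."""
    h = hashlib.sha256()
    for name in sorted(directory):
        h.update(name.encode() + b"\x00" + directory[name].to_bytes(256, "big"))
    return h.hexdigest()


def demo():
    alice, bob, carol = User("alice"), User("bob"), User("carol")
    directory = build_directory([alice, bob, carol])
    trusted = directory_digest(directory)

    k_ab = alice.shared_key("bob", directory)
    k_ba = bob.shared_key("alice", directory)
    k_ac = alice.shared_key("carol", directory)

    # A substituted entry is still a valid group element, so only the
    # authenticated digest of the directory reveals the change.
    tampered = dict(directory, bob=User("mallory").public)
    return {
        "pair_agrees": k_ab == k_ba,
        "keys_differ_per_pair": k_ab != k_ac,
        "tamper_detected": directory_digest(tampered) != trusted,
        "tampered_key_differs": alice.shared_key("bob", tampered) != k_ab,
    }


if __name__ == "__main__":
    print(demo())
```

Each user keeps one secret and publishes one value, yet every pair obtains its own key; the range and subgroup checks matter because directory entries arrive from other parties.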

In modern information systems (IS), information has two contradictory properties - accessibility and security from unauthorized access. In many cases, IS developers are faced with the problem of choosing the priority of one of these properties.

Information protection usually means ensuring its security from unauthorized access. At the same time, unauthorized access itself is usually understood as actions that entailed “...destruction, blocking, modification, or copying of information...” (Criminal Code of the Russian Federation, Art. 272). All methods and means of protecting information can be divided into two large groups: formal and informal.

Fig. 1. Classification of methods and means of information security

Formal methods and tools

These are means that perform their protective functions strictly formally, that is, according to a predetermined procedure and without direct human participation.

Technical means

Technical means of protection are various electronic and electronic-mechanical devices that are included in the technical means of the IS and perform certain protection functions independently or in combination with other means.

Physical means

Physical means of protection are physical and electronic devices, structural elements of buildings, fire extinguishing means, and a number of other means. They ensure the following tasks:

  • protection of the territory and premises of the computer center from intruders;
  • protection of equipment and storage media from damage or theft;
  • preventing the possibility of observing the work of personnel and the operation of equipment from outside the territory or through windows;
  • preventing the possibility of intercepting electromagnetic radiation from operating equipment and data transmission lines;
  • control over the work schedule of personnel;
  • organizing access to the premises for employees;
  • control over the movement of personnel in various work areas, etc.

Cryptographic methods and tools

Cryptographic methods and means are special transformations of information, as a result of which its presentation changes.

In accordance with the functions performed, cryptographic methods and tools can be divided into the following groups:

  • identification and authentication;
  • access control;
  • encryption of protected data;
  • protection of programs from unauthorized use;
  • information integrity control, etc.

Informal methods and means of information security

Informal means are those that are implemented as a result of the purposeful activities of people, or regulate (directly or indirectly) this activity.

Informal means include:

Organizational means

These are organizational, technical and organizational and legal measures carried out in the process of creating and operating information systems in order to ensure information protection. According to their content, the entire set of organizational activities can be divided into the following groups:

  • activities carried out during the creation of the IS;
  • activities carried out during the operation of the information system: organization of access control, organization of automated information processing technology, organization of work in shifts, distribution of access control details (passwords, profiles, authorities, etc.);
  • general measures: taking into account security requirements when recruiting and training personnel, organizing scheduled and preventive checks of the security mechanism, planning information security measures, etc.

Legislative means

These are legislative acts of the country that regulate the rules for the use and processing of restricted information and establish penalties for violating these rules. We can formulate five “basic principles” that underlie the system of information protection laws:

  • no systems may be created that accumulate large amounts of personal information and whose activities are classified;
  • there must be ways by which an individual can determine that personal information has been collected, why it is being collected, and how it will be used;
  • there must be guarantees that information obtained for one purpose will not be used for other purposes without informing the person to whom it relates;
  • there must be ways by which a person can correct information relating to him and contained in the IS;
  • any organization that collects, stores and uses personal information must ensure that the data is stored securely when used appropriately and must take all measures to prevent misuse of the data.

Moral and ethical standards

These norms can be either unwritten (generally accepted norms of honesty, patriotism, etc.) or written, i.e. formalized in a certain set of rules and regulations (charter).

On the other hand, all methods and means of protecting information can be divided into two large groups according to the type of object being protected. In the first case, the object is the information carrier, and all informal, technical and physical methods and means of protecting information are used here. In the second case, we are talking about the information itself, and cryptographic methods are used to protect it.

The most dangerous (significant) threats to information security are:

  • violation of confidentiality (disclosure, leakage) of information constituting banking, judicial, medical and commercial secrets, as well as personal data;
  • disruption of performance (disorganization of work) of the information system, blocking of information, disruption of technological processes, failure to solve problems in a timely manner;
  • violation of the integrity (distortion, substitution, destruction) of information, software and other IS resources, as well as falsification (forgery) of documents.

Below we give a brief classification of possible channels of information leakage in information systems - ways of organizing unauthorized access to information.

Indirect channels, allowing unauthorized access to information without physical access to IS components:

  • use of listening devices;
  • remote monitoring, video and photography;
  • interception of electromagnetic radiation, registration of crosstalk, etc.

Channels related to access to IS elements, but not requiring changes to system components, namely:

  • observation of information during processing in order to remember it;
  • theft of storage media;
  • collection of production waste containing processed information;
  • intentionally reading data from other users' files;
  • reading residual information, i.e. data remaining on the fields of storage devices after executing requests;
  • copying storage media;
  • deliberate use of registered user terminals to access information;
  • masquerading as a registered user by stealing passwords and other information access control details used in the information system;
  • the use of so-called “loopholes” to access information, that is, opportunities to bypass the access control mechanism that arise as a result of imperfections and ambiguities of programming languages and system-wide software components in the IS.

Channels associated with access to IS elements and changes in the structure of its components:

  • illegal connection of special recording equipment to system devices or communication lines;
  • malicious modification of programs in such a way that these programs, along with the basic functions of information processing, also carry out unauthorized collection and registration of protected information;
  • malicious disabling of the protection mechanism.

1.3.3. Restricting access to information

In general, the system for protecting information from unauthorized access consists of three main processes:

  • identification;
  • authentication;
  • authorization.

At the same time, the participants in these processes are considered to be subjects - active components (users or programs) and objects - passive components (files, databases, etc.).

The task of identification, authentication and authorization systems is to determine, verify and assign a set of powers to a subject when accessing an information system.

Identification of a subject accessing an IS is the process of matching the subject against a characteristic of the subject, an identifier, that the system stores in some object. Subsequently, the subject identifier is used to provide the subject with a certain level of rights and powers when using the information system.

Authentication of a subject is the procedure for verifying that an identifier belongs to the subject. Authentication is performed on the basis of one or another secret element (authenticator), which is available to both the subject and the information system. Usually, the object in the information system called the account database stores not the secret element itself but some information about it, on the basis of which a decision is made as to whether the subject matches the identifier.

Authorization of a subject is the procedure for vesting him with rights corresponding to his powers. Authorization is carried out only after the subject has successfully passed identification and authentication.

The entire identification and authentication process can be schematically represented as follows:

Fig. 2. Scheme of the identification and authentication process

2- requirement to undergo identification and authentication;

3- sending identifier;

4- checking the presence of the received identifier in the account database;

6- sending authenticators;

7- checking the correspondence of the received authenticator to the previously specified identifier in the account database.

From the above diagram (Fig. 2) it is clear that in order to overcome the system of protection against unauthorized access, you can either change the work of the subject implementing the identification/authentication process, or change the contents of the object - the account database. In addition, it is necessary to distinguish between local and remote authentication.

With local authentication, we can assume that processes 1, 2, 3, 5 and 6 take place in a protected zone, that is, the attacker is not able to eavesdrop on or change the transmitted information. In the case of remote authentication, one must take into account that the attacker can take part, either passively or actively, in the process of sending identification/authentication information. Accordingly, such systems use special protocols that allow the subject to prove knowledge of confidential information without disclosing it (for example, a non-disclosure authentication protocol).
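The three processes and the local/remote distinction can be shown in one small model. This is an added example, not code from the original text. The class and function names, the PBKDF2 work factor, and the use of an HMAC challenge-response as the remote protocol are assumptions; it is one simple protocol that keeps the secret off the wire, not a zero-knowledge scheme.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Information *about* the secret that the account database stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccountDatabase:
    """The object of Fig. 2: identifier -> (salt, verifier, rights)."""

    def __init__(self):
        self._accounts = {}
        self._pending = {}  # identifier -> outstanding one-time challenge
        salt = secrets.token_bytes(16)
        # Dummy record so unknown identifiers cost the same time as known ones.
        self._dummy = (salt, derive_verifier(secrets.token_hex(16), salt), frozenset())

    def register(self, identifier, password, rights):
        salt = secrets.token_bytes(16)
        self._accounts[identifier] = (salt, derive_verifier(password, salt),
                                      frozenset(rights))

    def identify(self, identifier) -> bool:
        """Step 4: is the received identifier present in the database?"""
        return identifier in self._accounts

    def authenticate_local(self, identifier, password) -> bool:
        """Step 7, local case: the authenticator itself reaches the system."""
        salt, verifier, _ = self._accounts.get(identifier, self._dummy)
        match = hmac.compare_digest(derive_verifier(password, salt), verifier)
        return match and identifier in self._accounts

    def issue_challenge(self, identifier):
        """Remote case: send the salt and a fresh random challenge."""
        salt = self._accounts[identifier][0]
        nonce = secrets.token_bytes(32)
        self._pending[identifier] = nonce
        return salt, nonce

    def authenticate_remote(self, identifier, response: bytes) -> bool:
        """Check the response; each challenge is single-use, so replays fail."""
        nonce = self._pending.pop(identifier, None)
        record = self._accounts.get(identifier)
        if nonce is None or record is None:
            return False
        expected = hmac.new(record[1], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def authorize(self, identifier, authenticated: bool, right: str) -> bool:
        """Rights are granted only after successful authentication."""
        record = self._accounts.get(identifier)
        return bool(authenticated and record and right in record[2])


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Subject side: prove knowledge of the password without sending it."""
    return hmac.new(derive_verifier(password, salt), nonce, hashlib.sha256).digest()


def demo():
    """Constructed account 'ivanov' with the single right 'read'."""
    db = AccountDatabase()
    db.register("ivanov", "S3cret-phrase", {"read"})
    salt, nonce = db.issue_challenge("ivanov")
    response = client_response("S3cret-phrase", salt, nonce)
    first = db.authenticate_remote("ivanov", response)
    replay = db.authenticate_remote("ivanov", response)  # captured and resent
    return {
        "local_ok": db.authenticate_local("ivanov", "S3cret-phrase"),
        "local_wrong": db.authenticate_local("ivanov", "guess"),
        "remote_ok": first,
        "remote_replay": replay,
        "may_read": db.authorize("ivanov", first, "read"),
        "may_write": db.authorize("ivanov", first, "write"),
    }


if __name__ == "__main__":
    print(demo())
```

In this simplified protocol the stored verifier is itself sufficient to answer a challenge, so the account database remains the object an attacker would target, as the text notes for Fig. 2.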

The general scheme of information protection in IS can be presented as follows (Fig. 3):

Fig. 3. Removing information protection in the information system

Thus, the entire information protection system in the IS can be divided into three levels. Even if an attacker manages to bypass the system of protection against unauthorized access, he will be faced with the problem of finding the information he needs in the IS.

Semantic protection involves hiding the location of information. For these purposes, for example, a special recording format on a medium or steganographic methods can be used, that is, hiding confidential information in container files that do not carry any significant information.

Currently, steganographic methods of information security have become widespread in two most relevant areas:

  • hiding information;
  • copyright protection.

The last obstacle on the way of an attacker to confidential information is its cryptographic transformation. This transformation is usually called encryption. A brief classification of encryption systems is given below (Fig. 4):

Fig. 4. Classification of encryption systems

The main characteristics of any encryption system are:

  • key size;
  • the difficulty of encrypting/decrypting information for a legal user;
  • the difficulty of “breaking” encrypted information.

Currently, it is generally accepted that the encryption/decryption algorithm is open and publicly known. Thus, only the key whose owner is a legal user is unknown. In many cases, it is the key that is the most vulnerable component of the information protection system from unauthorized access.

Of Microsoft's ten security laws, two are dedicated to passwords:

Law 5: “A weak password will break the strictest security”

Law 7: “Encrypted data is only as secure as the decryption key.”

That is why the selection, storage and change of the key in information security systems is given particular importance. The key can be chosen by the user independently or imposed by the system. In addition, it is customary to distinguish between three main forms of key material:

1.3.4. Technical means of information security

In general, information protection by technical means is ensured in the following ways:

  • the source and carrier of information are localized within the boundaries of the protected object, and a mechanical barrier is provided against contact with them by an attacker or against remote influence on them by the fields of his technical means;
  • the ratio of the energy of the carrier and interference at the input of the receiver installed in the leakage channel is such that the attacker is unable to remove information from the carrier with the quality necessary for its use;
  • the attacker cannot detect the source or carrier of the information;
  • instead of true information, the attacker receives false information, which he accepts as true.

These options implement the following protection methods:

  • preventing an attacker from directly penetrating the source of information with the help of engineering structures and technical security means;
  • hiding reliable information;
  • “giving” false information to the attacker.

The use of engineering structures and security is the most ancient method of protecting people and material assets. The main task of technical means of protection is to prevent direct contact of an attacker or the forces of nature with the objects of protection.

Objects of protection are understood as people and material assets, as well as information carriers localized in space. Such media include paper, machine media, photographic and motion-picture film, products, materials, etc., that is, everything that has clear dimensions and weight. To organize the protection of such objects, technical means of protection such as security and fire alarms are usually used.

Information carriers in the form of electromagnetic and acoustic fields and electric current do not have clear boundaries, and information hiding methods can be used to protect such information. These methods involve changing the structure and energy of the media in such a way that an attacker cannot, directly or using technical means, extract information with a quality sufficient to use it in his own interests.

1.3.5. Information security software

These protections are specifically designed to protect computer information and are built on the use of cryptographic methods. The most common software tools are:

  • Programs for cryptographic processing (encryption/decryption) of information (“Verba” MO PNIEI www.security.ru; “Krypton” Ankad www.ancud.ru; “Secret Net” Informzashchita www.infosec.ru; “Dallas Lock” Confident www.confident.ru and others);
  • Programs for protection against unauthorized access to information stored on a computer (“Sobol” Ankad www.ancud.ru and others);
  • Steganographic information processing programs (“Stegano2ET” and others);
  • Software tools for guaranteed destruction of information;
  • Systems for protecting against unauthorized copying and use (using electronic keys, for example from the Aladdin company, www.aladdin.ru, or by binding to the unique properties of the storage medium, StarForce).

1.3.6. Anti-virus information protection tools

In general, we should speak of “malicious programs”; this is how they are defined in the governing documents of the State Technical Commission and in existing legislative acts (for example, Article 273 of the Criminal Code of the Russian Federation, “Creation, use and distribution of malware for computers”). All malware can be divided into five types:

  • Viruses – defined as pieces of program code that have the ability to generate objects with similar properties. Viruses, in turn, are classified according to their habitat (for example: boot viruses, macro viruses, etc.) and according to their destructive action.
  • Logic bombs – programs that launch only when certain conditions are met (for example: date, pressing a key combination, absence/presence of certain information, etc.).
  • Worms – programs that have the ability to spread over a network, transferring to the destination node not necessarily the entire program code at once; that is, they can “assemble” themselves from individual parts.
  • Trojans – programs that perform undocumented actions.
  • Bacteria – unlike viruses, they are integral programs that have the property of reproducing their own kind.

Currently, malware in its “pure” form practically does not exist: every specimen is some kind of symbiosis of the types listed above. For example, a Trojan may contain a virus and, in turn, the virus may have the properties of a logic bomb. According to statistics, about 200 new malicious programs appear every day, with worms taking the “leadership”, which is quite natural given the rapid growth in the number of active Internet users.

To protect against malware, it is recommended to use anti-virus software packages (for example: DrWeb, AVP - domestic developments, or foreign ones, such as NAV, TrendMicro, Panda, etc.). The main diagnostic method for all existing anti-virus systems is “signature analysis”, that is, an attempt to check the new information received for the presence of a malicious program “signature” - a characteristic piece of program code. Unfortunately, this approach has two significant drawbacks:

  • It is possible to diagnose only already known malware, and this requires constant updating of the “signature” databases. This is precisely what one of Microsoft's security laws warns about:

Law 8: “A non-updated antivirus program is not much better than no antivirus program at all.”

  • The continuous increase in the number of new viruses leads to a significant increase in the size of the “signature” database, which in turn causes a significant use of computer resources by the anti-virus program and, accordingly, a slowdown in its operation.
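Signature analysis and both drawbacks listed above can be seen in a minimal scanner. This is an added example, not code from the original text or from any anti-virus product. The hex pattern syntax with `??` wildcards, the family names and the sample byte strings are constructed for illustration and match no real malware.

```python
import re


def compile_signature(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn 'C0 DE ?? 5A' into a bytes regex; '??' matches any single byte."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(token)))  # ValueError if not hex
    return re.compile(b"".join(parts), re.DOTALL)


class SignatureDatabase:
    """A versioned set of named byte signatures."""

    def __init__(self, version: int, signatures: dict):
        self.version = version
        self._compiled = {name: compile_signature(p)
                          for name, p in signatures.items()}

    def __len__(self):
        return len(self._compiled)

    def scan(self, data: bytes):
        """Return [(signature name, offset)] for every signature found in data.

        Every signature is tried against the data, so the cost of one scan
        grows with the size of the database (the second drawback).
        """
        hits = []
        for name, pattern in self._compiled.items():
            match = pattern.search(data)
            if match:
                hits.append((name, match.start()))
        return hits


# Constructed signature sets: version 2 is version 1 plus one new entry.
V1 = {"Constructed.Family.A": "C0 DE 15 ?? 5A FE 00 01"}
V2 = dict(V1, **{"Constructed.Family.B": "C0 DE 16 ?? 5A FE"})

# Constructed sample files: 16 bytes of padding around a marker sequence.
PADDING = bytes(range(16))
SAMPLES = {
    "clean": PADDING * 2,
    "family_a": PADDING + bytes.fromhex("C0DE15AA5AFE0001") + PADDING,
    # Differs from family_a only in the byte covered by the wildcard.
    "family_a_variant": PADDING + bytes.fromhex("C0DE15BB5AFE0001") + PADDING,
    # Differs in a fixed byte: unknown to V1, first described in V2.
    "family_b": PADDING + bytes.fromhex("C0DE16AA5AFE0001") + PADDING,
}


def demo():
    """Scan every constructed sample with the old and the updated database."""
    old_db, new_db = SignatureDatabase(1, V1), SignatureDatabase(2, V2)
    return {name: {"v1": old_db.scan(data), "v2": new_db.scan(data)}
            for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for sample, result in demo().items():
        print(sample, result)
```

The `family_b` sample passes the version 1 database untouched and is reported only after the update, which is the situation Law 8 describes.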

One of the well-known ways to increase the efficiency of malware diagnosis is to use the so-called “heuristic method”. In this case, an attempt is made to detect the presence of malware, taking into account known methods for creating it. However, unfortunately, if a highly qualified specialist took part in the development of the program, it can only be discovered after it has demonstrated its destructive properties.


The concept of “information” is used today very widely and in many senses. It is difficult to find an area of knowledge where it is not used. Huge information flows literally overwhelm people. Like any product, information has consumers who need it, and therefore has certain consumer qualities, and also has its owners or producers.

From the consumer's point of view, the quality of the information used makes it possible to obtain additional economic or moral benefits.

From the owner’s point of view, keeping commercially important information secret makes it possible to compete successfully in the market for the production and sale of goods and services. This naturally requires certain actions aimed at protecting confidential information. At the same time, security is understood as the state of protection of the vital interests of the individual, enterprise, and state from internal and external threats.

When storing, maintaining and providing access to any information object, its owner or a person authorized by him imposes, either explicitly or implicitly, a set of rules for working with it. Deliberate violation of these rules is classified as an attack on information.

What are the possible consequences of attacks on information? First of all, of course, these are economic losses.

Disclosure of business information may result in significant direct market losses.

The news of the theft of a large amount of information usually seriously affects the reputation of the company, leading indirectly to losses in trading volumes.

Competing firms can take advantage of the theft of information, if it goes unnoticed, in order to completely ruin the company by imposing fictitious or obviously unprofitable transactions on it.

Substitution of information, both at the stage of transmission and at the stage of storage in the company, can lead to huge losses.

Repeated successful attacks on a company providing any type of information services reduce customer confidence in the company, which affects revenue.

As evidenced by the domestic and foreign press, malicious actions against information not only do not decrease, but also have a fairly steady upward trend.

Information protection is a set of measures aimed at ensuring the most important aspects of information security (integrity, availability and, if necessary, confidentiality of information and resources used for entering, storing, processing and transmitting data).

A system is said to be secure if it, using appropriate hardware and software, controls access to information so that only properly authorized individuals, or processes acting on their behalf, have the right to read, write, create, and delete information.

There are no absolutely safe systems, so one speaks instead of a reliable system in the sense of “a system that can be trusted” (as a person can be trusted). A system is considered reliable if, using sufficient hardware and software, it ensures the simultaneous processing of information of varying degrees of secrecy by a group of users without violating access rights.

The main criteria for assessing reliability are security policy and assurance.

The security policy, being an active component of protection (includes the analysis of possible threats and the selection of appropriate countermeasures), reflects the set of laws, rules and norms of behavior that a particular organization uses when processing, protecting and disseminating information.

The choice of specific mechanisms for ensuring system security is made in accordance with the formulated security policy.

Assurance, being a passive element of protection, reflects the degree of trust that can be placed in the architecture and implementation of the system (in other words, it shows how correctly the mechanisms that ensure the security of the system are chosen).

A reliable system must record all security-related events that occur (an accountable logging mechanism must be used, complemented by analysis of the stored information, i.e. auditing).

11.2. Main directions of information protection

The main areas of information protection are the protection of state, commercial, official, bank secrets, personal data and intellectual property.

State secret - information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational investigative activities, the dissemination of which could harm the security of the Russian Federation.

Correspond to the list of information constituting state secrets, are not included in the list of information not subject to classification, and comply with the legislation of the Russian Federation on state secrets (the principle of legality);

The advisability of classifying specific information has been established through an expert assessment of the likely economic and other consequences, the possibility of causing damage to the security of the Russian Federation, based on the balance of vital interests of the state, society and the individual (the principle of validity);

Restrictions on the dissemination of this information and on access to it are established from the moment of their receipt (development) or in advance (principle of timeliness);

The competent authorities and their officials made a decision in relation to specific information to classify it as a state secret and established an appropriate regime of legal protection and safeguarding in relation to it (the principle of mandatory protection).

Trade secrets are protected with the assistance of the state. An example of this statement is the numerous facts of restricting the access of foreigners to the country (in China - to protect the secrets of porcelain production), to certain sectors of the economy or to specific production facilities. In Russia, a trade secret was classified as a trade secret, but then it was liquidated as a legal institution in the early 30s and, in connection with the nationalization of economic sectors, was protected as a state and official secret. Now the reverse process has begun.

Information may constitute a trade secret if it meets the following requirements (legal protection criteria):

  • it has actual or potential commercial value because it is unknown to third parties;
  • it does not fall under the list of information to which access cannot be limited, or the list of information classified as state secrets;
  • there is no free lawful access to it;
  • the owner of the information takes measures to protect its confidentiality.


The following information cannot be classified as a trade secret:

  • subject to disclosure by the issuer of securities, a professional participant in the securities market and the owner of securities in accordance with the legislation of the Russian Federation on securities;
  • related to compliance with environmental and antimonopoly legislation, ensuring safe working conditions, sales of products that cause harm to public health, other violations of the legislation of the Russian Federation, the legislation of the constituent entities of the Russian Federation, and also containing data on the amount of losses caused;
  • on the activities of charitable organizations and other non-profit organizations not related to business activities;
  • on the availability of vacancies;
  • on the storage, use or movement of materials and the use of technologies that pose a danger to the life and health of citizens or the environment;
  • on the implementation of the state privatization program and on the conditions for the privatization of specific objects;
  • on the size of property and invested funds during privatization;
  • on the liquidation of a legal entity and on the procedure and deadline for filing applications or claims by its creditors;
  • for which restrictions on establishing a trade secret regime are defined in accordance with federal laws and by-laws adopted for the purpose of their implementation.

The main subjects of the right to a trade secret are the owners of the trade secret and their legal successors.

Holders of trade secrets are individuals (regardless of citizenship) and legal entities (commercial and non-profit organizations) engaged in business activities and who have a monopoly right to information that constitutes a trade secret for them.

Levels of access to information from a legal point of view

All information from a legal point of view is divided into several main segments:

1) Information without restriction of access rights. This type of information, for example, includes:

Public information provided to users free of charge;

Information about the state of the natural environment, its pollution - information (data) obtained as a result of monitoring the natural environment, its pollution (Federal Law of May 2, 1997 No. 76-FZ “On the destruction of chemical weapons”);

Information in the field of work on the storage, transportation, destruction of chemical weapons - information on the state of health of citizens and environmental objects in the areas where chemical weapons storage facilities and chemical weapons destruction facilities are located, measures to ensure chemical, sanitary-hygienic, environmental and fire safety when carrying out work on the storage, transportation and destruction of chemical weapons, as well as on measures to prevent the occurrence of emergency situations and eliminate their consequences when performing these works, provided at the request of citizens and legal entities, including public associations (Federal Law of May 2, 1997 No. 76-FZ “On the destruction of chemical weapons”, Article 1.2).

Information containing information about circumstances and facts that pose a threat to the life and health of citizens is not subject to classification and cannot be classified as a secret.

2) Information with limited access - state secrets, official secrets, commercial secrets, bank secrets, professional secrets and personal data as an institution for protecting the right to privacy.

3) Information, the dissemination of which harms the interests of society, the legitimate interests and rights of citizens - pornography; information inciting national, racial and other hatred; propaganda and calls for war, false advertising, advertising with hidden inserts, etc. - the so-called “harmful” information.

4) Objects of intellectual property (that which cannot be classified as information with limited access, but is protected in a special manner through intellectual property institutions: copyright, patent law, means of individualization, etc. The exception is know-how, which is protected under the trade secret regime).

11.3. Methods and means of protecting information in computer systems

Computer crimes are extremely multifaceted and complex phenomena. The objects of such criminal attacks may be the technical means themselves (computers and peripherals) as material objects or software and databases for which the technical means are the environment; a computer can act as an object of attack or as a tool.

The types of computer crimes are extremely diverse. They include unauthorized access to information stored on a computer; the introduction of “logical bombs” into software, which are triggered when certain conditions are met and partially or completely disable the computer system; the development and distribution of computer viruses; and theft of computer information. A computer crime can also occur due to negligence in the design, manufacture and operation of software and computing systems or due to the falsification of computer information.

Among the entire range of information security methods, the following are distinguished:

Figure 11.1. Classification of information security methods in computer systems

Methods and means of organizational and legal protection of information

Methods and means of organizational information protection include organizational, technical and organizational and legal measures carried out in the process of creating and operating a computer system to ensure information protection. These activities should be carried out during the construction or renovation of premises in which computers will be located; system design, installation and adjustment of its hardware and software; testing and checking the performance of a computer system.

The basis for carrying out organizational activities is the use and preparation of legislative and regulatory documents in the field of information security, which at the legal level should regulate access to information by consumers. In Russian legislation, later than in the legislation of other developed countries, the necessary legal acts appeared (although not all of them).

Methods and means of engineering and technical information protection

Engineering and technical protection (ETP) is a set of special bodies, technical means and measures for their use in the interests of protecting confidential information.

The variety of goals, objectives, objects of protection and ongoing activities requires consideration of some system of classification of means by type, orientation and other characteristics.

For example, engineering protection means can be considered according to the objects of their influence. In this regard, they can be used to protect people, material assets, finances, and information.

The variety of classification characteristics allows us to consider engineering and technical means by objects of influence, the nature of the measures, methods of implementation, scale of coverage, and the class of means of attackers that are countered by the security service.

According to their functional purpose, engineering and technical protection means are divided into the following groups:

1. physical means, including various means and structures that prevent physical penetration (or access) of attackers to protected objects and to material media of confidential information (Fig. 16) and protect personnel, material assets, finances and information from illegal influences;

2. hardware – instruments, devices, appliances and other technical solutions used in the interests of information security. In the practice of an enterprise, a wide variety of equipment is used, from telephones to sophisticated automated systems that support production activities. The main task of hardware is to ensure strong protection of information from disclosure, leakage and unauthorized access through technical means of supporting production activities;

3. software, covering special programs, software packages and information security systems in information systems for various purposes and means of processing (collection, accumulation, storage, processing and transmission) of data;

4. cryptographic means – special mathematical and algorithmic means of protecting information that is transmitted over communication systems and networks or stored and processed on a computer, using a variety of encryption methods.

Physical methods and means of information protection

Physical means of protection are a variety of devices, fixtures, structures, apparatus, and products designed to create obstacles in the way of attackers.

Physical means include mechanical, electromechanical, electronic, electro-optical, radio and radio engineering and other devices that prevent unauthorized access (entry, exit), the carrying in or removal of funds and materials, and other possible types of criminal actions.

These tools are used to solve the following problems:

1) protection of the territory of the enterprise and surveillance of it;

2) protection of buildings, internal premises and control over them;

3) protection of equipment, products, finances and information;

4) implementation of controlled access to buildings and premises.

All physical means of protecting objects can be divided into three categories: prevention means, detection means and threat elimination systems. Security alarms and CCTV, for example, are threat detection tools; fences around objects are a means of preventing unauthorized entry into the territory, and reinforced doors, walls, ceilings, bars on windows and other measures serve as protection against penetration and other criminal activities (eavesdropping, shelling, throwing grenades and explosives, etc.). Fire extinguishing equipment belongs to threat elimination systems.

Hardware methods and means of information protection

Hardware information security means include technical devices that vary widely in operating principle, design and capabilities and that suppress disclosure, protect against leakage and counter unauthorized access to sources of confidential information.

Hardware information security tools are used to solve the following tasks:

1) conducting special studies of technical means of supporting production activities for the presence of possible channels of information leakage;

2) identifying channels of information leakage at different objects and premises;

3) localization of information leakage channels;

4) search and detection of industrial espionage means;

5) countering unauthorized access to sources of confidential information and other actions.

Software methods and means of information protection

Systems that protect computers against outside intrusion are very diverse and are classified as:

1) self-protection means provided by the general software;

2) security measures as part of the computer system;

3) means of protection with a request for information;

4) active protection means;

5) means of passive protection and others.

Main directions of use of software information protection

The following areas of using programs to ensure the security of confidential information can be distinguished:

1) protection of information from unauthorized access;

2) protection of information from copying;

3) protection of programs from copying;

4) protection of programs from viruses;

5) protecting information from viruses;

6) software protection of communication channels.

For each of these areas there is a sufficient number of high-quality software products developed by professional organizations and distributed on the markets.

Software protection tools include the following types of special programs:

1) identification of hardware, files and user authentication;

2) registration and control of the operation of technical equipment and users;

3) maintenance of limited-use information processing modes;

4) protection of computer operating facilities and user applications;

5) destruction of information in protective devices after use;

6) signaling violations of resource use;

7) auxiliary protection programs for various purposes.

Protection of information from unauthorized access

To protect against foreign intrusion, certain security measures are required. The main functions that must be performed by software are:

1) identification of subjects and objects;

2) differentiation (sometimes complete isolation) of access to computing resources and information;

3) control and registration of actions with information and programs.

The most common identification method is password identification. However, practice shows that password protection of data is a weak link, since the password can be eavesdropped or spied on, intercepted, or simply guessed.
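The three functions listed above (identification, differentiation of access, registration of actions), as an added example that is not part of the original text. The account names, passwords, objects, work factor and lockout threshold are constructed assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000      # PBKDF2 work factor (assumed value)
MAX_FAILURES = 3          # failed logins tolerated before lockout (assumed)
AUDIT_LOG = []            # function 3: every decision is registered here


def hash_password(password, salt=None):
    """Store a salted, slow hash, never the password itself."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed subjects and passwords: name -> (salt, hash)
USERS = {"clerk": hash_password("constructed-pass-1"),
         "auditor": hash_password("constructed-pass-2")}

# Function 2: access matrix (subject, object) -> actions; no entry means deny
RIGHTS = {("clerk", "orders.db"): {"read", "write"},
          ("auditor", "orders.db"): {"read"}}


def record(subject, obj, action, outcome):
    AUDIT_LOG.append({"ts": time.time(), "subject": subject, "object": obj,
                      "action": action, "outcome": outcome})


def failed_logins(name):
    return sum(e["subject"] == name and e["action"] == "login"
               and e["outcome"] == "denied" for e in AUDIT_LOG)


def authenticate(name, password):
    """Function 1: identify the subject and verify the claimed identity."""
    if failed_logins(name) >= MAX_FAILURES:      # limits password guessing
        record(name, "-", "login", "locked")     # a deployment would add a time window
        return False
    salt, stored = USERS.get(name, (b"\0" * 16, b""))
    candidate = hash_password(password, salt)[1]
    ok = hmac.compare_digest(candidate, stored)  # constant-time comparison
    record(name, "-", "login", "granted" if ok else "denied")
    return ok


def access(name, password, obj, action):
    """Functions 2 and 3: default-deny decision, logged either way."""
    if not authenticate(name, password):
        return False
    allowed = action in RIGHTS.get((name, obj), set())
    record(name, obj, action, "granted" if allowed else "denied")
    return allowed


def denied_attempts():
    """Entries a security officer would review: refusals and lockouts."""
    return [e for e in AUDIT_LOG if e["outcome"] != "granted"]
```

The salted, slow hash and the lockout address guessing of passwords; they do nothing against a password that is overheard or intercepted in transit.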

Copy protection

Copy protection means prevent the use of stolen copies of software and are currently the only reliable means of both protecting the copyright of programmers and developers and stimulating the development of the market. Copy protection means ensure that a program performs its functions only when a unique non-copyable element is identified. Such an element (called a key) can be a floppy disk, a specific part of a computer, or a special device connected to a personal computer. Copy protection is implemented by performing a number of functions that are common to all protection systems:

1. Identification of the environment from which the program will be launched (floppy disk or PC);

2. Authentication of the environment from which the program is launched;

3. Reaction to launch from an unauthorized environment;

4. Registration of authorized copying;

5. Resistance to the study of system operation algorithms.

Protecting programs and data from computer viruses

Malicious programs and, above all, viruses pose a very serious danger when confidential information is stored on a PC. Underestimating this danger can have serious consequences for users' information. Knowledge of the mechanisms of action of viruses, methods and means of combating them allows you to effectively organize counteraction to viruses, minimize the likelihood of infection and losses from their influence.

“Computer viruses” are small executable or interpreted programs that can spread and self-replicate in a computer system. Viruses can modify or destroy software or data stored on a PC. Viruses can modify themselves as they spread.

Classification of computer viruses

Currently, there are more than 40 thousand registered computer viruses in the world. Since the vast majority of modern malicious programs have the ability to self-replicate, they are often classified as computer viruses. All computer viruses can be classified according to the following criteria:

– according to the habitat of the virus,

– according to the method of contamination of the habitat,

– according to destructive capabilities,

– according to the features of the virus algorithm.

The massive spread of viruses and the serious consequences of their impact on computer resources have necessitated the development and use of special anti-virus tools and methods of their use. Antivirus tools are used to solve the following problems:

– detection of viruses in the computer system (CS),

– blocking the operation of virus programs,

– eliminating the effects of viruses.

It is advisable to detect viruses at the stage of their introduction or, at least, before the destructive functions of viruses begin. It should be noted that there are no antivirus products that guarantee the detection of all possible viruses.

If a virus is detected, you must immediately stop the virus program in order to minimize the damage from its impact on the system.

Elimination of the consequences of viruses is carried out in two directions:

– removal of viruses,

– restoration (if necessary) of files, memory areas.

To combat viruses, software and hardware-software tools are used in a certain sequence and combination, forming methods for combating viruses.

The most reliable method of protection against viruses is the use of combined hardware-software antivirus tools. Currently, special controllers and their software are used to protect PCs. The controller is installed in an expansion slot and has access to the common bus. This allows it to monitor all accesses to the disk system. The controller's software stores the areas on the disks that must not be changed in normal operating modes. In this way, protection can be set against changes to the master boot record, boot sectors, configuration files, executable files, etc.

When prohibited actions are performed by any program, the controller issues a corresponding message to the user and blocks the operation of the PC.

Combined hardware-software antivirus tools have a number of advantages over purely software ones:

– work constantly;

– detect all viruses, regardless of their mechanism of action;

– block unauthorized actions resulting from a virus or an unqualified user.

These tools have one drawback: dependence on PC hardware. Changing the hardware means the controller has to be replaced.

Modern anti-virus software can carry out a comprehensive scan of your computer to identify computer viruses. Antivirus programs used for this purpose include Kaspersky Anti-Virus (AVP), Norton Antivirus, Dr. Web and Symantec Antivirus. They all have antivirus databases, which are updated periodically.

Cryptographic methods and means of information protection

Cryptography as a means of protecting (closing) information is becoming increasingly important in the world of commercial activity.

Cryptography has a fairly long history. At first it was used mainly in the field of military and diplomatic communications. Now it is necessary in industrial and commercial activities. If we consider that today hundreds of millions of messages, telephone conversations, huge volumes of computer and telemetric data are transmitted through encrypted communication channels in our country alone, and all this is not for prying eyes and ears, it becomes clear: maintaining this secret is extremely necessary here.

Cryptography includes several sections of modern mathematics, as well as special branches of physics, radio electronics, communications and some other related fields. Its task is to transform, using mathematical methods, a secret message, telephone conversation or computer data transmitted over communication channels in such a way that it becomes completely incomprehensible to unauthorized persons. That is, cryptography must provide such protection for secret (or any other) information that even if it is intercepted by unauthorized persons and processed by any means using the fastest computers and the latest achievements of science and technology, it should not be decrypted for several decades. Various encryption tools are used for such transformation of information: means of encrypting documents, including portable ones, and means of encrypting speech (telephone and radio conversations), telegraph messages and data transmission.

General encryption technology

The original information that is transmitted over communication channels can be speech, data or video signals; these are called unencrypted messages P.

In an encryption device, message P is encrypted (converted into message C) and transmitted over an “unclosed” communication channel. At the receiving end, message C is decrypted to restore the original meaning of message P.

A parameter that can be used to retrieve specific information is called a key.

If in the process of exchanging information, the same key is used for encryption and reading, then such a cryptographic process is called symmetric. Its main disadvantage is that before the exchange of information can begin, a key must be transferred, and this requires secure communication.

Currently, data exchange over communication channels uses asymmetric encryption. These are newer public-key cryptographic algorithms based on two types of keys: secret (private) and public.

In public key cryptography, there are at least two keys, one of which cannot be deduced from the other. If the decryption key cannot be obtained by computational methods from the encryption key, then the secrecy of information encrypted using an unclassified (public) key will be ensured. However, this key must be protected from substitution or modification. The decryption key must also be secret and protected from substitution or modification.

If, on the contrary, it is impossible to obtain the encryption key from the decryption key by computational methods, then the decryption key may not be secret.

The keys are designed in such a way that a message encrypted by one half can only be decrypted by the other half. By creating a key pair, the company widely distributes the public key and securely guards the private key.

Public key protection is not completely secure. Having studied the algorithm by which the public key is constructed, one can reconstruct the private key. However, knowledge of the algorithm does not yet mean the ability to reconstruct the key in a reasonably acceptable time. Based on this, the principle of sufficiency of information protection is formed: information protection is considered sufficient if the costs of overcoming it exceed the expected cost of the information itself. This principle guides asymmetric data encryption.

Separating the encryption and decryption functions by dividing into two parts the additional information required to perform the operations is the valuable idea behind public key cryptography.
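The public/private split and the principle of sufficiency described above, as an added example that is not part of the original text. It uses textbook RSA (one public-key algorithm, chosen here as an assumption; the text names none) with deliberately tiny constructed primes and no padding, so it is for illustration only.

```python
from math import gcd, isqrt


def make_keypair(p, q, e=65537):
    """Build (public, private) keys from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)           # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)           # P -> C with the public key


def decrypt(private, c):
    n, d = private
    return pow(c, d, n)           # C -> P with the private key


def reconstruct_private(public):
    """Recover the private key from the public key alone by factoring n.

    Returns (private_key, trial_divisions). Trial division needs on the
    order of sqrt(n) steps, so each extra bit in the primes doubles the work.
    """
    n, e = public
    if n % 2 == 0:
        p, steps = 2, 1
    else:
        steps = 0
        for p in range(3, isqrt(n) + 1, 2):
            steps += 1
            if n % p == 0:
                break
        else:
            raise ValueError("n is not a product of two primes")
    q = n // p
    return (n, pow(e, -1, (p - 1) * (q - 1))), steps


if __name__ == "__main__":
    # Constructed key pairs: 10-bit primes versus 20- and 31-bit primes
    for p, q in [(1009, 1013), (1000003, 2147483647)]:
        public, private = make_keypair(p, q)
        c = encrypt(public, 424242)
        recovered, steps = reconstruct_private(public)
        print(f"n={public[0]}: C={c}, P={decrypt(private, c)}, "
              f"private key recovered={recovered == private} in {steps} steps")
```

Real key sizes put the same reconstruction far beyond any acceptable time, which is the sufficiency argument in concrete form.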

Experts pay special attention to cryptographic protection, considering it the most reliable, and for information transmitted over long-distance communication lines, the only means of protection against theft.

11.4. Information security and its main components

Information security is understood as the state of protection of society's information environment from internal and external threats, ensuring its formation, use and development in the interests of citizens, organizations and the state (Law of the Russian Federation “On participation in international information exchange”).

There are certain requirements for the information security system:

– clear definition of the powers and rights of users to access certain types of information;

– providing the user with the minimum powers necessary for him to perform the assigned work;

– minimizing the number of security measures common to several users;

– recording cases and attempts of unauthorized access to confidential information;

– ensuring an assessment of the degree of confidentiality of information;

– ensuring control of the integrity of protective equipment and immediate response to their failure.

A security system is understood as an organized set of special bodies, services, means, methods and measures that ensure the protection of the vital interests of the individual, enterprise and state from internal and external threats.

Like any system, an information security system has its own goals, objectives, methods and means of activity, which are coordinated in place and time depending on the conditions.

Information security categories

From an information security point of view, information has the following categories:

1. Confidentiality – a guarantee that specific information is available only to the circle of people for whom it is intended; violation of this category is called theft or disclosure of information.

2. Integrity – a guarantee that the information now exists in its original form, that is, no unauthorized changes were made during its storage or transmission; violation of this category is called message falsification.

3. Authenticity – a guarantee that the source of information is exactly the person declared as its author; violation of this category is also called falsification, but of the author of the message.

4. Appealability (non-repudiation) – a rather complex category, but one often used in e-commerce: a guarantee that, if necessary, it will be possible to prove that the author of the message is the declared person and no one else. The difference between this category and the previous one is that when the author is substituted, someone else tries to claim to be the author of the message, whereas when appealability is violated, the author himself tries to “disown” words that he once signed.

Threats to confidential information

Threats to confidential information are usually understood as potential or actually possible actions in relation to information resources, leading to the unlawful acquisition of protected information.

Such actions are:

Familiarization with confidential information in various ways and means without violating its integrity;

Modification of information for criminal purposes as a partial or significant change in the composition and content of information;

Destruction of information as an act of vandalism with the aim of directly causing material damage.


Actions leading to unlawful acquisition of confidential information:

1. Disclosure is intentional or careless handling of confidential information that results in persons who were not authorized to know it becoming familiar with it.

2. Leakage is the uncontrolled release of confidential information outside the organization or circle of persons to whom it was entrusted.

3. Unauthorized access is the unlawful deliberate acquisition of confidential information by a person who does not have the right to access protected secrets.

Control questions

1. Why is it necessary to protect information?

2. What is meant by information security?

3. What system can be called safe?

4. What is a state secret?

5. What information can be classified as a state secret?

6. What is a trade secret?

7. What information constitutes a trade secret?

8. What is not a trade secret?

9. What levels of access to information are regulated by Russian legislation?

10. How are information security methods divided?

11. What are the characteristics of organizational and legal methods and means of information protection?

12. What engineering methods and means are used to protect information?

13. How to protect information from unauthorized access?

14. What is a “computer virus”?

15. How are computer viruses classified?

16. What tools are used for anti-virus protection?

17. How can a virus get into a computer?

18. How is information protected from copying?

19. What are cryptographic methods and information security tools based on?

20. How is asymmetric data encryption carried out?

21. What is meant by information security?

23. What are information security threats?

24. What actions lead to unlawful acquisition of information?


