Methods and means of information protection
Methods and means of protection of computer informationrepresent a combination of various measures, technical and software tools, moral and ethical and legal norms that are aimed at countering threats of intruders and minimizing the possible damage to the owners of the system and users of information.
Consider the following types of traditional measures to prevent the leakage of information from the computer.
Technical methods and means of information protection
- protection against unauthorized access to the computer system;
- reservation of all important computer subsystems;
- the organization of networks with the subsequent possibility to redistribute resources if there will be a disruption in the performance of individual network links;
- installation of equipment to detect and extinguish fires;
- installation of water detection equipment;
- the adoption of a set of measures to protect against theft, sabotage, sabotage, explosions;
- installation of a backup power supply system;
- equipping the room with locks;
- alarm installation, etc.
Organizational methods and means of information protection
- server security;
- carefully organized recruitment;
- Exclusion of such cases when all the most important works are performed by one person;
- development of a plan, how to restore the server's performance in a situation where it will fail;
- universal means of protection from any user (even from top management).
Methods of unauthorized access to information
It is not enough to know the above methods and means of protecting information, it is necessary to understand how unauthorized access can be made to information.
It should be noted that unauthorized access toimportant information can occur during repair or preventive work with computers due to the fact that the residual information on the media can be read, despite the fact that the user has removed it in a timely manner by the usual method. Another way is when the information is read from the media, if it is transported without protection.
The work of modern computers is based onintegrated circuits, during which high-frequency changes in the levels of currents and voltages are realized. This leads to the fact that in power circuits, nearby equipment, air, etc. there are electromagnetic fields and pickups, which with the help of some "spy" technology can easily be transformed into information that is processed. In this case, the smaller the distance from the receiver of the attacker to the hardware, the more likely that it will be possible to remove and decipher the information. A familiarization with information that is unauthorized is also possible by directly connecting the "spyware" means to the network equipment and communication channels.
Methods and methods of information protection: authentication and identification
Identification is an assignmentsubject or object of a unique image or name. Authentication is a test of whether the subject / object is the one for whom it is trying to extradite itself. The ultimate goal of both measures is the admission of the subject / object to that information that is in limited use or denied such admission. The identity of an object can be implemented by a program, hardware device or by a human. Objects / subjects of authentication and identification can be: technical means (workstations, monitors, subscriber stations), people (operators, users), information on the monitor, magnetic media, etc.
Methods and means of information security: the use of passwords
A password is a collection of characters(letters, numbers, etc.), which is designed to determine the object / subject. When it comes to the question of which password to choose and install, there is always a question about its size, the way to apply resilience to the choice of an attacker. Logically, the longer the password, the higher the level of security it will provide the system, since it will take much more effort to guess / match the combination.
But even if the password is reliable, it should beperiodically change to a new one in order to reduce the risk of its interception while directly stealing the media or removing a copy from the carrier, or by forcibly coercing the user to say "magic" word.