PROTECTION OF THE INFORMATION AGAINST UNAUTHORIZED ACCESS IN COMPUTER NETWORKS
N. V. Nikolenko, O. A. Shlegel,
Volga region State University of Service, Togliatti, Russia
M. Molasy
Wroclaw University of Technology, Wroclaw, Poland
ЗАЩИТА ИНФОРМАЦИИ от несанкционированного ДОСТУПА В КОМПЬЮТЕРНЫХ СЕТЯХ
,
Поволжский государственный университет сервиса, Тольятти, Россия
M. Molasy
Wroclaw University of Technology, Wroclaw, Poland
Development of computer equipment and its wide introduction in various fields of activity of the person has called growth of number of illegal operations which tools also are computers. Modification of the information, its easy change enables to receive some sums of money; industrial espionage destroys protection of competitors. The comprehensive approach to protection of the information is necessary, limitation should not appear. Organizational, physical, program-technical - components of the linked, cooperating measures on the organization of information safety. One of major principles of the organization of information safety - absolute protection does not exist, therefore it is necessary to aspire to theoretically maximum level of protection at the minimum threats in the given conditions (fig. 1).
Fig. 1. The reasons of loss of the information
To prevent the reasons 1-4 it is possible by means of backup of data that is most the common and simple exit (fig. 2).
 |
 |
Fig. 2. Resources of backup
In case of loss of the information it can be restored: 1.). With usage of the backup data; 2). Without usage of the backup data.
Unauthorized access - reading, upgrade or corrupting of the information at absence on it of appropriate powers. Unauthorized access is carried out, as a rule, with usage of an another's name, change of physical addresses of devices, usage of the information remained after problem solving, modification program and a supply with information, plunder of the medium, installation of the equipment of record. For successful protection of the information the user should have a clear idea absolutely of possible paths of unauthorized access (fig. 3).
Fig. 3. Paths of unauthorized obtaining of the information
Following main actions can be applied to protection of the information against unauthorized access (fig. 4).
Fig. 4. Protection of the information against unauthorized access
The main sorts of unauthorized access to data are the following: reading, record. And accordingly data protection is required: from reading, from record. Data protection from reading automatically means also a write protect for possibility of record at absence of possibility of reading is practically senseless (fig. 5).
 | |
| |
Fig. 5. Ways of protection of the information from reading and records
Under threat of safety operation or event which can lead to corrupting, to distortion or unauthorized usage of resources of a network, including that is understood, that is stored, the transmitted and processed information, and also program and hardware. Threats can be divided on: inadvertent, or random; deliberate. Random threats arise as result of errors in the software, failure of hardware, incorrect operations of users or the network administrator and another. Deliberate threats pursue the purpose of plotting of damage to users and net abonents and are in turn subdivided on active and passive. Passive threats are routed on unauthorized usage of information resources of a network, but thus do not render influence on its operation. An example of passive threat is obtaining the information circulating in channels of a network, by means of listening. Active threats have for an object violation of normal process of operation of a network by means of purposeful effect on its hardware, program and information resources. Corrupting or radio-electronic suppression of communication circuits, output concern to active threats out of operation a computer or the operating system, distortion of data in user's databases or the system information and another, for example (fig. 6).
Threats of disclosure of the confidential information are realized by unauthorized access to databases. Kompromation the information it is realized by means of depositing unauthorized changes in databases. Unauthorized usage of resources of a network is a resource of disclosure or kompromation the information, and also damages to users and administration of a network. Erratic usage of resources is consequence of the errors which are available in the software of the local area network. Unauthorized information interchange between net abonents enables to receive data, access to which is prohibited, i. e. as a matter of fact leads to disclosure of the information. Refusal of the information consists in non-recognition by the receiver or the remailer of this information of the facts of its obtaining or sending. Refusal in service represents rather widespread threat which source is the network. Similar refusal is especially dangerous in cases when the delay with resource allocation of a network can lead to heavy consequences for the abonent.
Fig. 6. Threats of safety
The international organization of standardization (IOS) defines following security services (fig. 7).
 |
Fig. 7. Security services on IOS
Following main mechanisms of safety are applied to protection of the information (fig. 8).
Encoding is applied to implementation of secret services and used in a number of other services. Mechanisms of access control provide implementation of the same security service, carry out check of powers of objects of a network, i. e. programs and users, on access to resources of a network. At access to a resource through connection the control is fulfilled in a point of initialization of link, in intermediate points, and also in a finite point. The most widespread and simultaneously the most unreliable method of authentifications is parole access. Plastic cards and electronic counters are more perfect. Methods of authentification on special signs of the person, so-called biometric methods are considered as the most reliable. The digital signature is used for implementation of services of authentification and protection against refusals. Inherently it is called to be for electronic clone of the accessory the signature used on paper documents. The mechanism of the digital signature is based on usage of a way of encoding with the open key. The knowledge of the meeting open key enables the receiver of the electronic message unambiguously опознать its remailer.
The additional mechanisms of safety stipulated IOS, the following are: support of data integrity; authentification; substitution of traffic; control of routing; arbitration.
Fig. 8. The main mechanisms of safety
The safety of the information in the large automated systems (LAS) is a challenge. Real cost of an information containing in such systems to count up difficultly, and safety of information resources is difficult for measuring or estimating. As the object of protection in modern LAS territorially distributed heterogeneous network with the difficult structure, intended for the distributed data processing, often named by a corporate network appears. Prominent feature of such network is that in it the equipment of the most different manufacturers and generations functions, and also the inhomogeneous software which has been not oriented initially on a co processing of data. Solution of problems of safety LAS consists in construction of a complete protection system of the information. In practice it is necessary to face with number more the common questions of policy of safety which solution will provide reliable and uninterrupted operation of an intelligence system.
Literature
1. Molasy M., Molasy M., Shlegel О., Shlegel A., Innovatios in Management of Personnel Potential of an Enterprise of Service, Tuning, SYSTEMS, Journal of Transdisciplinary Systems Science, Wroclaw University of Technology, Poland, Volume 10, Number 2, 2005.
2. Shlegel О., Shlegel E. O., Molasy M., Molasy M. Modeling of Personnel Potential Management in a Car Service Enterprise SYSTEMS, Journal of Transdisciplinary Systems Science, Wroclaw University of Technology, Poland, Volume 10, Number 2, 2006.
3. Shlegel О., Shlegel E. O., Molasy M., Molasy M. Economic Information Systems on Enterprise of the Serves /Information Systems Architecture and Technologi. Decision Making Models. Wroclaw University of Technology. Wroclaw. Poland/ 20s.
4. Erokhina L. I., Shlegel О., Molasy M., Plotnikova N., Spiridonova E. Formation and Use of Innovative Actions in the Management of Labor Potential at the Enterprise SYSTEMS, Journal of Transdisciplinary Systems Science, Wroclaw University of Technology, Poland, Volume 11, Number 2, 2006.
5. , , Шлегель М., Синергетика и динамические экономические математические модели./Синергетика природных, технических и социально-экономических систем: сб. статей Международной науч.-технич. конференции. Ч. II. – Тольятти: Изд-во ТГУС, 2007. – 175 с.
Резюме
Автор рассматривает проблемы защиты информации от несанкционированного доступа. Автор указывает, какие действия следует отнести к неправомерному доступу к информации и рассматривает механизмы ее защиты.
Summary
The author considers problems of protection of the information from the non-authorized access. The author specifies, what actions should be related to wrongful access to the information and considers examines mechanisms of its protection.
