Computer information protection. Hardware and software information protection enterprises

Hardware protection methods include devices that differ in operating principle and technical design and that protect information sources against disclosure, leakage and unauthorized access (NSD). Such means are used for the following tasks:

  • Detection of data leakage channels at different premises and facilities
  • Special statistical studies of technical means to establish whether leakage channels are present
  • Localization of data leakage channels
  • Counteracting unauthorized access (NSD) to data sources
  • Searching for and detecting traces of spying

Hardware can be classified by functional purpose: detection, measurement, search, and passive or active counteraction. It can also be divided by ease of use. Device developers keep simplifying operation for ordinary users. Examples include the group of electromagnetic radiation indicators of the IP type, which accept a wide spectrum of incoming signals and have low sensitivity, and complexes for identifying and finding radio bugs, which are intended to detect and locate radio transmitters, telephone bugs or network transmitters. The Delta complex, for instance, implements:

  • automatic determination of the location of microphones within a given room
  • accurate detection of any commercially available radio microphones and other radiating transmitters.

Search hardware can be divided into devices that search for means of data interception and devices that study leakage channels. Devices of the first type are designed to find and localize unauthorized-access (NSD) tools that have already been planted, and devices of the second type to identify data leakage channels. Professional search equipment requires a highly qualified user. As in any other area of technology, the versatility of a device reduces its individual parameters. On the other hand, leakage channels differ widely in their physical nature. Large enterprises can afford both expensive professional equipment and employees qualified in these matters, and such hardware naturally works better in real conditions, that is, at identifying leakage channels. This does not mean that simple, cheap search tools should not be used: they are easy to use and perform no worse on narrowly specialized tasks.

Hardware protection can be applied to individual parts of the computer: the processor, RAM, external memory, I/O controllers, terminals, and so on. To protect processors, code redundancy is implemented: additional bits in machine instructions and reserve copies in processor registers. To protect RAM, access is restricted by boundaries and fields. To indicate the confidentiality level of programs or information, additional confidentiality bits are used, with which programs and information are encoded. Data in RAM requires protection from unauthorized access (NSD). To prevent residual information from being read after it has been processed in RAM, an erase scheme is used, which writes a different sequence of characters over the entire memory block. To identify a terminal, a code generator built into the terminal hardware is used, and its code is checked when the terminal connects.

Hardware data protection methods are the various technical devices and structures that protect information from leakage, disclosure and unauthorized access (NSD).

Protection mechanisms

Systems that protect a workstation from intrusion by an attacker vary widely and are classified as:

  • Protection methods within the computing system itself
  • Personal protection methods described by software
  • Data protection methods
  • Active / passive protection methods

This classification is shown in more detail in Fig. 1.

Figure 1.

Directions for implementing software information security

The following directions are used to secure information:

  • copy protection
  • protection against NSD
  • protection against viruses
  • protection of communication lines

For each direction, many high-quality software products are available on the market. Software can also provide various kinds of functionality:

  • Control of work and registration of users and technical means
  • Identification of available technical means, users and files
  • Protection of operating resources of computer and user programs
  • Maintenance of various data processing modes
  • Delivery of data after its use in the elements of the system
  • Signaling of violations
  • Auxiliary programs for other purposes

Software protection is divided into data protection (preserving integrity and confidentiality) and program protection (ensuring the quality of information processing; programs are a commercial secret and are the most vulnerable to an attacker). Files and technical means are identified programmatically; the algorithm is based on checking the registration numbers of the different components of the system. A request-response algorithm is an excellent method for identifying addressed elements. To distinguish between the requests of different users for different categories of information, individual secrecy markings for resources and personal access control to them are used. If, for example, different users can edit the same file, several versions are saved for further analysis.

Protection of information from NSD

Protection against intrusion requires the following basic software functions:

  • Identification of objects and subjects
  • Registration and control of actions performed with programs
  • Delimitation of access to system resources

Identification procedures check whether the subject trying to gain access to resources is who it claims to be. Such checks can be periodic or one-time. The following methods are often used for identification:

  • complex, simple or one-time passwords;
  • badges, keys, tokens;
  • special identifiers for equipment, data, programs;
  • analysis methods of individual characteristics (voice, fingers, hands, faces).

Practice shows that the password is a weak link in protection, since in practice it can be overheard, spied on or guessed. To create a complex password, you can read these recommendations. The object to which access is carefully controlled can be a record in a file, the file itself, or an individual field in a file record. Most access control tools draw their data from an access matrix. Access control can also be approached by controlling information channels and dividing the objects and subjects of access into classes. The set of software and hardware methods for protecting data from unauthorized access (NSD) is implemented through:

  • accounting and registration
  • access control
  • realization of funds

The following forms of access separation can also be noted:

  • Access prevention:
    • to individual sections
    • to the hard disk
    • to directories
    • to individual files
    • to removable data carriers
  • Protection against modification:
    • directories
    • files
  • Setting access privileges for a group of files
  • Copy prevention:
    • directories
    • files
    • user programs
  • Protection against destruction:
    • files
    • directories
  • Screen blanking after a period of time.

General means of protection against unauthorized access (NSD) are shown in Fig. 2.

Figure 2.

Copy protection

Copy protection methods prevent the use of stolen copies of programs. Copy protection means are those that allow a program to perform its functions only in the presence of a unique, non-copyable element. This may be a part of the computer or of application programs. Protection is implemented by the following functions:

  • identification of the environment where the program is launched
  • authentication of the environment where the program is launched
  • Reaction to the start of the program from an unauthorized environment
  • Registration of authorized copying

Protection of information from deletion

Data can be deleted in the course of a number of activities such as restoration, backup, updates, and so on. Because these activities are so diverse, it is hard to fit them under common rules. The cause may also be a virus or the human factor. Against viruses there is a countermeasure, antivirus software, but there is little to counter human actions. To reduce the risks, there are a number of measures:

  • Inform all users about the damage to the enterprise if such a threat is realized.
  • Prohibit receiving or opening software products that are foreign to the information system.
  • Also prohibit launching games on PCs that process confidential information.
  • Implement archiving copies of data and programs.
  • Check the checksum of data and programs.
  • Implement qi

The main directions of protection

The standardized architecture, hardware and software of personal computers (PCs), along with a number of other factors, make it relatively easy for a professional to gain access to information in a PC. If a personal computer is used by a group of people, it may be necessary to restrict the access of different users to information.

Unauthorized access to PC information means familiarization with, processing or copying of information, the use of various viruses, including those that destroy software products, and the modification or destruction of information in violation of the established access-control rules.

In the protection of PC information from unauthorized access, you can allocate three main directions:

- the first focuses on keeping the violator out of the computing environment and is based on special software and hardware means of user identification;

- the second is associated with protecting the computing environment and is based on creating special software for information protection;

- the third is associated with the use of special means of protecting PC information from unauthorized access (shielding, filtering, grounding, electromagnetic noise masking, and attenuating the levels of electromagnetic radiation and interference with absorbing matched loads).

Software protection methods use special programs to protect against unauthorized access and to protect information from copying, modification and destruction.

Protection against unauthorized access involves:

- identification and authentication of subjects and objects;

- delimitation of access to computing resources and information;

- Control and registration of actions with information and programs.

The identification and authentication procedure checks whether a given entity may be admitted to resources (identification) and whether the subject requesting access (or the object being accessed) is who it claims to be (authentication).

Software identification procedures commonly use various methods, mainly passwords (simple, complex, one-time) and special identifiers or checksums for equipment, programs and data. Hardware and software methods are used for authentication.

After performing identification and authentication procedures, the user gets access to the system and then the information protection is performed on three levels: equipment, software and data.



Protection at the equipment and software level provides access control to computing resources (individual devices, RAM, the operating system, service or personal programs, the keyboard, display, printer and disk drive).

Protection at the data level allows only the actions on data permitted by the rules, and also protects information when it is transmitted over communication channels.

Access control provides:

- selective resource protection (user A is denied access to database B but permitted access to database C);

- granting and revoking access for all types and levels of access (administration);

- identification and documentation of any violations of the access rules and of attempts to violate them;

- accounting and storage of information about resource protection and permitted clearances.
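The four access-control functions listed above can be sketched as an access matrix with an audit trail. This is an added example, not part of the original text; the `AccessMatrix` class, its method names and the subject and object names are illustrative assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class AccessMatrix:
    """Rows are subjects, columns are objects, cells are sets of rights."""
    cells: dict = field(default_factory=dict)   # (subject, object) -> set of rights
    audit: list = field(default_factory=list)   # registration of every decision

    def grant(self, admin, subject, obj, rights):
        # Administration: give rights and record who changed the matrix.
        self.cells.setdefault((subject, obj), set()).update(rights)
        self._log(admin, "grant", subject, obj, sorted(rights), True)

    def revoke(self, admin, subject, obj, rights):
        # Administration: take rights away; an emptied cell is removed.
        cell = self.cells.get((subject, obj), set())
        cell.difference_update(rights)
        if not cell:
            self.cells.pop((subject, obj), None)
        self._log(admin, "revoke", subject, obj, sorted(rights), True)

    def check(self, subject, obj, right):
        # Selective protection with default deny: anything that was not
        # explicitly granted is refused, and the attempt is still recorded.
        allowed = right in self.cells.get((subject, obj), set())
        self._log(subject, "access", subject, obj, [right], allowed)
        return allowed

    def violations(self):
        # Documentation of violations and attempted violations.
        return [e for e in self.audit
                if e["action"] == "access" and not e["allowed"]]

    def permissions_of(self, subject):
        # Accounting: the objects and rights a subject currently holds.
        return {o: sorted(r) for (s, o), r in self.cells.items() if s == subject}

    def _log(self, actor, action, subject, obj, rights, allowed):
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, "subject": subject,
            "object": obj, "rights": rights, "allowed": allowed,
        })


def demo():
    """User A: denied database B, permitted database C (constructed scenario)."""
    m = AccessMatrix()
    m.grant("admin", "user_a", "database_c", {"read", "write"})
    results = [
        m.check("user_a", "database_b", "read"),   # never granted
        m.check("user_a", "database_c", "read"),   # granted
    ]
    m.revoke("admin", "user_a", "database_c", {"write"})
    results.append(m.check("user_a", "database_c", "write"))  # revoked
    return results, m


if __name__ == "__main__":
    outcome, matrix = demo()
    print(outcome)
    for entry in matrix.violations():
        print(entry["actor"], entry["object"], entry["rights"])
```
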

Password protection lies at the heart of software methods of information protection. It can be overcome using utilities intended for debugging software and restoring information, as well as password-cracking programs. System debugging utilities make it possible to circumvent the protection. Password-cracking programs guess the password by brute-force enumeration of characters. The time required to guess a password by simple enumeration of combinations grows geometrically with password length.

To preserve secrecy, follow these guidelines when choosing a password:

- the minimum password length must be at least 8-10 characters;

- use an extended alphabet for the password, adding symbols and signatures to it;

- do not use standard words as a password, since dictionaries of standard passwords exist on the Internet with which a typical password can be identified;

- the protection system must block the login after a certain number of unsuccessful input attempts;

- login must be limited to working hours.
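The guidelines above can be enforced in code. The following is an added example, not part of the original text: the three-class rule for "extended alphabet", the lockout threshold and duration, the 09:00-18:00 working hours and the small dictionary are all assumptions chosen for illustration.

```python
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8                    # lower bound of the 8-10 character guideline
MIN_CLASSES = 3                   # assumed reading of "extended alphabet"
MAX_FAILURES = 3                  # assumed lockout threshold
LOCKOUT = timedelta(minutes=15)   # assumed lockout duration
WORK_START, WORK_END = 9, 18      # assumed working hours (local time)
COMMON = {"password", "qwerty123", "12345678", "letmein1"}  # constructed sample

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def classes_used(password):
    """Names of the character classes that occur in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def alphabet_size(password):
    """Size of the alphabet an enumeration would have to cover."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def worst_case_guesses(length, alphabet):
    """Combinations to enumerate; each extra character multiplies the
    total by the alphabet size, which is the geometric growth."""
    return alphabet ** length


def check_password(password):
    """Return the list of guideline violations (empty means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(classes_used(password)) < MIN_CLASSES:
        problems.append("alphabet too narrow")
    if password.lower() in COMMON:
        problems.append("dictionary password")
    return problems


class LoginGate:
    """Blocks logins outside working hours and after repeated failures."""

    def __init__(self):
        self.failures = {}       # user -> consecutive failed attempts
        self.locked_until = {}   # user -> time the lock expires

    def attempt(self, user, credential_ok, now):
        if not WORK_START <= now.hour < WORK_END:
            return "denied: outside working hours"
        if self.locked_until.get(user, datetime.min) > now:
            return "denied: locked"
        if credential_ok:
            self.failures.pop(user, None)
            return "granted"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT
            self.failures[user] = 0
            return "denied: locked"
        return "denied: bad credential"


if __name__ == "__main__":
    for candidate in ("password", "abc", "Tr0ub4dor&3x"):
        print(candidate, check_password(candidate))
    for n in (6, 8, 10):
        print(n, worst_case_guesses(n, 94))
```
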

In modern information systems (IP), information has two contradictory properties - accessibility and security from unauthorized access. In many cases, IP developers face the problem of choosing the priority of one of these properties.

Information protection is usually understood to mean precisely securing it from unauthorized access. Unauthorized access itself is customarily understood as actions that entail "... destruction, blocking, modification, or copying information ..." (Criminal Code, Article 272). All methods and means of information protection can be conditionally divided into two large groups: formal and informal.

Fig. 1. Classification of methods and means of information protection

Formal methods and means

These are means that perform their protective functions strictly formally, that is, according to a predetermined procedure and without direct human participation.

Technical means

Technical means of protection are various electronic and electromechanical devices that are included in the technical means of the IP and perform certain protection functions, independently or in combination with other means.

Physical means

Physical means of protection are physical and electronic devices, structural elements of buildings, fire extinguishing equipment, and a number of other means. They perform the following tasks:

  • protection of the territory and premises of the computing center from the penetration of intruders;
  • protection of equipment and carriers of information from damage or embezzlement;
  • preventing the possibility of observing the work of personnel and the functioning of equipment from outside the territory or through the windows;
  • preventing the possibility of intercepting electromagnetic emissions of working equipment and data lines;
  • monitoring staff;
  • organizing staff access to the premises;
  • control over the movement of personnel in various work areas, etc.

Cryptographic Methods and Means

Cryptographic methods and means are special transformations of information that change its representation.

In accordance with the functions performed, cryptographic methods and tools can be divided into the following groups:

  • identification and authentication;
  • access separation;
  • encryption of protected data;
  • protection of programs from unauthorized use;
  • monitoring the integrity of information, etc.

Informal methods and means of information protection

Informal means are those implemented through the purposeful activity of people, or that regulate this activity (directly or indirectly).

Informal means include:

Organizational means

These are organizational, technical and legal measures carried out while creating and operating an IP in order to protect information. By content, the whole set of organizational measures can be conditionally divided into the following groups:

  • measures carried out when creating the IP;
  • measures carried out during operation of the IP: organization of the pass (entry) regime, organization of the automated information processing technology, organization of shift work, distribution of access-control credentials (passwords, profiles, privileges, etc.);
  • general measures: taking protection requirements into account when selecting and training personnel, organizing scheduled and preventive checks of the protection mechanism, planning information protection measures, etc.

Legislative means

These are legislative acts of the country that regulate the rules for using and processing restricted information and establish liability for violating these rules. Five "basic principles" can be formulated that underlie the system of information protection laws:

  • systems that accumulate large amounts of personal information and whose activities would be classified should not be created;
  • there must be ways for an individual to establish that personal information is being collected, to find out why it is collected and how it will be used;
  • there should be guarantees that information obtained for one purpose will not be used for other purposes without informing the person to whom it belongs;
  • there must be ways for a person to correct information that relates to them and is contained in the IP;
  • any organization that accumulates, stores and uses personal information should ensure reliable storage of the data when it is used appropriately and should take all measures to prevent improper use of the data.

Moral and ethical norms

These norms can be either unwritten (generally accepted norms of honesty, patriotism, etc.) or written, i.e. formalized in a set of rules and regulations (a charter).

On the other hand, all methods and information security tools can be divided into two large groups by the type of protected object. In the first case, the object is a carrier of information, and all informal, technical and physical methods and information protection means are used here. In the second case, we are talking about the information itself, and cryptographic methods are used to protect it.

The most dangerous (significant) information threats are:

  • violation of confidentiality (disclosure, leakage) of information constituting banking, judicial, medical and commercial secret, as well as personal data;
  • impairment of performance (disorganization of work) of IP, blocking information, violation of technological processes, breaking the timely solution of tasks;
  • violation of integrity (distortion, substitution, destruction) of information, software and other IP resources, as well as falsification (fake) of documents.

Let us give a brief classification of possible information leakage channels, that is, of the ways unauthorized access to information is organized.

Indirect channels, allowing unauthorized access to information without physical access to IP components:

  • use of eavesdropping devices;
  • remote observation, video and photography;
  • interception of electromagnetic radiation, registration of crosstalk, etc.

Channels related to access to IP elements but not requiring changes in the components of the system, namely:

  • monitoring information in the processing process to memorize it;
  • theft of media;
  • collecting production waste containing processed information;
  • intentional reading of data from files of other users;
  • reading residual information, i.e. data remaining on the storage fields after queries;
  • copying media;
  • intentional use of the terminals of registered users to access information;
  • masquerading as a registered user by stealing passwords and other access-control credentials used in the IP;
  • use of so-called "loopholes" to access information, that is, possibilities for bypassing the access-control mechanism that arise from the imperfection and ambiguities of programming languages and system-wide software components in the IP.

Channels related to access to IP elements and with a change in the structure of its components:

  • illegal connection of special recording equipment to system devices or communication lines;
  • malicious change in programs so that these programs along with the basic information processing functions also carried out an unauthorized collection and registration of protected information;
  • malicious disabling of the protection mechanism.

1.3.3. Restricting access to information

In general, the information protection system from unauthorized access consists of three main processes:

  • identification;
  • authentication;
  • authorization.

The participants in these processes are customarily taken to be subjects, the active components (users or programs), and objects, the passive components (files, databases, etc.).

The task of identification, authentication and authorization systems is to determine, verify and assign the subject's set of privileges when it accesses the information system.

Identification of a subject accessing the IP is the process of matching it against a characteristic of the subject, the identifier, which the system stores in some object. The identifier is subsequently used to grant the subject a certain level of rights and powers when using the information system.

Authentication of a subject is the procedure of verifying that the identifier belongs to the subject. Authentication is based on a secret element (the authenticator) that both the subject and the information system possess. Usually, an object in the information system called the account database stores the secret element itself and some information about it, on the basis of which the decision is made on whether the subject corresponds to the identifier.

Authorization of a subject is the procedure of granting it the rights that correspond to its powers. Authorization is carried out only after the subject has successfully passed identification and authentication.

The entire identification and authentication process can be schematically represented as follows:

Fig. 2. Identification and authentication process scheme

2 - requirement to pass identification and authentication;

3 - sending the identifier;

4 - checking whether the received identifier is present in the account database;

6 - sending the authenticator;

7 - checking that the received authenticator matches the account previously specified by the identifier.

The diagram (Fig. 2) shows that the system of protection against unauthorized access can be overcome either by altering the subject that implements the identification/authentication process, or by changing the contents of the object, the account database. In addition, local and remote authentication must be distinguished.

With local authentication, processes 1, 2, 3, 5 and 6 can be considered to take place in a protected zone, that is, the attacker cannot listen to or change the transmitted information. With remote authentication, one must reckon with the fact that the attacker can take both a passive and an active part in the exchange of identification/authentication information. Accordingly, such systems use special protocols that allow the subject to prove knowledge of confidential information without disclosing it (for example, an authentication protocol without disclosure).
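The remote case can be illustrated with an HMAC challenge-response exchange, a simpler relative of the non-disclosure protocols mentioned above in which the secret never crosses the channel. This is an added example, not part of the original text; the `Server` and `Client` classes, the PBKDF2 parameters and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets


def derive_key(password, salt):
    # Key derived from the password; only this derived value is stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Server:
    def __init__(self):
        self.accounts = {}   # account database: identifier -> (salt, key)
        self.pending = {}    # identifier -> outstanding one-time challenge

    def register(self, identifier, password):
        salt = secrets.token_bytes(16)
        # Caveat: the stored key is enough to answer challenges, so the
        # account database itself must be protected from reading and change.
        self.accounts[identifier] = (salt, derive_key(password, salt))

    def begin(self, identifier):
        # Steps 3-4: receive the identifier and look it up in the database.
        # A production server would answer unknown identifiers with a dummy
        # challenge so that the reply does not reveal which accounts exist.
        if identifier not in self.accounts:
            return None
        salt, _ = self.accounts[identifier]
        challenge = secrets.token_bytes(32)   # fresh for every login
        self.pending[identifier] = challenge
        return salt, challenge

    def finish(self, identifier, response):
        # Steps 6-7: receive the authenticator and check it. The challenge
        # is consumed here, so a recorded response cannot be reused.
        challenge = self.pending.pop(identifier, None)
        if challenge is None:
            return False
        _, key = self.accounts[identifier]
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Client:
    def __init__(self, identifier, password):
        self.identifier = identifier
        self.password = password

    def respond(self, salt, challenge):
        key = derive_key(self.password, salt)
        return hmac.new(key, challenge, hashlib.sha256).digest()


def run_exchange(server, client, wire):
    """Run one login; `wire` collects what a passive listener would see."""
    wire.append(("identifier", client.identifier.encode()))
    offer = server.begin(client.identifier)
    if offer is None:
        return False
    salt, challenge = offer
    wire.append(("salt", salt))
    wire.append(("challenge", challenge))
    response = client.respond(salt, challenge)
    wire.append(("response", response))
    return server.finish(client.identifier, response)


if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "correct horse")          # constructed account
    seen = []
    print(run_exchange(srv, Client("alice", "correct horse"), seen))
    srv.begin("alice")                               # new login, new challenge
    print(srv.finish("alice", seen[-1][1]))          # replayed response fails
```
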

The general information protection scheme in IP can be represented as follows (Fig. 3):

Fig. 3. Removing information security in the information system

Thus, the entire system for protecting information in an IP can be divided into three levels. Even if the attacker succeeds in bypassing the system of protection against unauthorized access, the attacker will face the problem of finding the needed information in the IP.

Semantic protection means concealing the location of the information. For this purpose one can use, for example, a special recording format for the media, or steganographic methods, that is, concealing confidential information in container files that carry no significant information themselves.

At present, steganographic methods of information protection are widespread in the two most relevant directions:

  • concealing information;
  • copyright protection.

The last obstacle on the attacker's path to confidential information is its cryptographic transformation. Such a transformation is called encryption. A brief classification of encryption systems is shown below (Fig. 4):

Fig. 4. Classification of encryption systems

The main characteristics of any encryption system are:

  • key size;
  • the complexity of encrypting/decrypting information for a legitimate user;
  • the complexity of "breaking" encrypted information.

It is currently assumed that the encryption/decryption algorithm is open and well known. Thus, only the key, whose owner is a legitimate user, is unknown. In many cases it is the key that is the most vulnerable component of the system protecting information from unauthorized access.

Of Microsoft's ten security laws, two are dedicated to passwords:

Law 5: "Weak password will violate the most strict protection",

Law 7: "Encrypted data is accurately protected as much as the key of the decryption is."

That is why the choice, storage and change of the key are of particular importance in information protection systems. The key can be chosen by the user independently or imposed by the system. In addition, it is customary to distinguish between three main forms of key material:

1.3.4. Technical means of information protection

In general, information protection by technical means is provided in the following ways:

  • the source and carrier of information are localized within the boundaries of the protected object, and a mechanical barrier prevents an attacker from contacting them or from acting on them remotely with the fields of his technical means;
  • the ratio of the carrier energy to interference at the input of a receiver installed in the leakage channel is such that the attacker cannot extract information from the carrier with the quality necessary for its use;
  • the attacker cannot detect the source or carrier of information;
  • instead of true information, the attacker gets false information, which he takes as true.

These options are implemented by the following protection methods:

  • preventing direct penetration of the attacker to the source of information by means of engineering structures and technical means of protection;
  • hiding reliable information;
  • "supplying" the attacker with false information.

The use of engineering structures and guarding is the most ancient method of protecting people and material values. The main task of technical means of protection is to prevent direct contact of an attacker or the forces of nature with the protected objects.

Protected objects are understood to be both people and material values, and information carriers localized in space. Such carriers include paper, machine-readable media, photographic and cinema film, products, materials, etc., that is, everything that has definite size and weight. Technical means such as security and fire alarms are commonly used to protect such objects.

Information carriers in the form of electromagnetic and acoustic fields and electric currents have no clear boundaries, and information-hiding methods can be used to protect such information. These methods change the structure and energy of the carriers so that an attacker cannot, directly or with technical means, extract information with quality sufficient to use it in his own interests.

1.3.5. Information security software

These protections are designed specifically to protect computer information and are built on the use of cryptographic methods. The most common software tools are:

  • Programs for cryptographic processing (encryption/decryption) of information ("Verba", MO PNIEI, www.security.ru; "Crypton", Ancud, www.ancud.ru; Secret Net, Informzaschita, www.infosec.ru; "Dallas Lock", Confident, www.confident.ru; and others);
  • Programs for protection against unauthorized access to information stored on a computer ("Sable", Ancud, www.ancud.ru, and others);
  • Information steganography programs ("Stegano2et" and others);
  • Software for guaranteed destruction of information;
  • Systems for protection against unauthorized copying and use (using electronic keys, for example from Aladdin, www.aladdin.ru, or by binding to unique properties of the information medium, as in StarForce).

1.3.6. Anti-virus information protection tools

In general, one should speak of "malicious programs", which is how they are defined in the governing documents of the State Technical Commission and in existing legislative acts (for example, Article 273 of the Criminal Code of the Russian Federation, "Creation, Use and Dissemination of Malicious Programs for Computers"). All malicious programs can be divided into five types:

  • Viruses - defined as pieces of program code that can generate objects with similar properties. Viruses in turn are classified by habitat (for example boot viruses, macro viruses, etc.) and by destructive action.
  • Logic bombs - programs that are launched only when certain conditions are met (for example a date, a key combination being pressed, the absence or presence of specific information, etc.).
  • Worms - programs that can spread over a network, not necessarily transferring all of their program code to the destination node at once - that is, they can "assemble" themselves from individual parts.
  • Trojans - programs that perform undocumented actions.
  • Bacteria - unlike viruses, these are whole programs that have the property of reproducing copies of themselves.

At present, malicious programs practically do not exist in "pure" form - all of them are some symbiosis of the above types. For example, a Trojan may contain a virus, and the virus in turn can have the properties of a logic bomb. According to statistics, about 200 new malicious programs appear daily, and the "leadership" belongs to worms, which is quite natural given the rapid growth in the number of active Internet users.

As protection against malware, it is recommended to use antivirus software packages (for example DrWeb and AVP, domestic developments, or foreign ones such as NAV, TrendMicro, Panda, etc.). The main diagnostic method of all available antivirus systems is "signature analysis", that is, checking newly received information for the "signature" of a malicious program, a characteristic piece of its program code. Unfortunately, this approach has two essential drawbacks:

  • Only already known malware can be diagnosed, and this requires constant updating of the "signature" databases. One of Microsoft's security laws warns about exactly this:

Law 8: "Not updated antivirus program is not much better than the absence of such a program"

  • The continuous increase in the number of new viruses leads to a significant increase in the size of the "signature" database, which in turn makes the antivirus program consume significant computer resources and, accordingly, slows the computer down.

One of the well-known ways to improve the efficiency of diagnosing malware is the so-called "heuristic method". In this case, an attempt is made to detect the presence of malicious programs based on the known methods of their creation. Unfortunately, if a high-class specialist took part in developing the program, it can be detected only after its destructive properties have manifested themselves.

Software protection is the most common method of information security in computers and information networks. It is usually used when other methods and means are difficult to apply. User authentication is usually carried out by the operating system. The user is identified by name, and the password serves as the means of authentication.

Software protection tools are a complex of algorithms and programs, both special-purpose and for the general support of computers and information networks. They are aimed at control and delimitation of access to information, exclusion of unauthorized actions with it, control of security devices, etc. Protection software offers versatility, simplicity of implementation, flexibility, adaptability, the ability to configure the system, etc.

Software for protection against computer viruses is widely used. To protect machines from computer viruses, and for prevention and "treatment", antivirus programs are used, as well as diagnostic and prevention tools that make it possible to prevent a virus from entering the computer system, to treat infected files and disks, and to detect and prevent suspicious actions. Antivirus programs are assessed by their accuracy of detection and effectiveness in eliminating viruses, ease of use, cost, and ability to work on a network.

Programs intended for the prevention of infection and the detection and destruction of viruses are the most popular. Among them are the domestic antivirus programs DrWeb (Doctor Web) by I. Danilov and AVP (AntiViral Toolkit Pro) by E. Kaspersky. They have a user-friendly interface, scanning tools, system checks at boot, etc. Foreign antivirus programs are also used in Russia.

Absolutely reliable programs that guarantee the detection and destruction of any virus do not exist. Only multi-level defense can provide the most complete protection against viruses. An important element of protection against computer viruses is prevention. Antivirus programs are used together with regular data backup and preventive measures. Together, these measures significantly reduce the likelihood of virus infection.



The main measures for preventing viruses are:

1) use of licensed software;

2) regular use of several constantly updated antivirus programs to check not only your own media when third-party files are transferred to them, but also any "foreign" floppy disks and disks with any information on them, including reformatted ones;

3) use of various protective tools when working on a computer in any information environment (for example, on the Internet), and checking files obtained over the network for viruses;

4) periodic backup of the most valuable data and programs.

Most often, the sources of infection are computer games acquired in an "unofficial" way and unlicensed programs. Therefore, a reliable guarantee against viruses is users' care in choosing programs and installing them on a computer, as well as during sessions on the Internet. The probability of infection from sources other than a computer network can be reduced to almost zero if you use only licensed, legal products and never let friends with unknown programs, especially games, onto your computer. The most effective measure in this case is to establish access control that does not allow viruses and defective programs to maliciously affect the data even if viruses do penetrate such a computer.

One of the best-known ways to protect information is its coding (encryption, cryptography). It does not protect against physical influences, but in other cases it serves as a reliable means.

A code is characterized by its length - the number of characters used in encoding - and its structure - the arrangement of the characters used to denote the classification feature.

A correspondence table serves as the means of coding. An example of such a table for translating alphanumeric information into computer codes is the ASCII code table.

The first encryption standard appeared in 1977 in the United States. The main criterion of the strength of any cipher or code is the computing power available and the time within which it can be deciphered. If this time amounts to several years, the strength of such algorithms is sufficient for most organizations and individuals. Cryptographic methods are increasingly used to encrypt information.

Cryptographic Information Protection Methods

General cryptographic methods have existed for a long time. Cryptography is considered a powerful means of ensuring confidentiality and monitoring the integrity of information. So far there is no alternative to cryptographic methods.

The strength of a cryptographic algorithm depends on the complexity of the conversion methods. The development of data encryption and certification means of data protection tools is engaged in issues of development of data and certification of data protection tools.

If keys of 256 bits or more are used, the level of reliability of data protection amounts to tens and hundreds of years of supercomputer operation. For commercial use, 40-, 44-bit keys.

One of the important problems of information security is organizing the protection of electronic data and electronic documents. To encode them so as to meet the requirements of protecting data from unauthorized influences, an electronic digital signature (EDS) is used.

Electronic signature

A digital signature is a sequence of characters. It depends on the message itself and on the secret key, known only to the person signing this message.
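The dependence on both the message and the secret key can be shown with a toy signature scheme. This is an added example, not the domestic EDS standard and not code from the original page: it uses textbook RSA without padding and with deliberately small keys, so it is for study only, and all names in it are hypothetical.

```python
import hashlib

# Known Mersenne primes: far too small for real use, chosen only so the
# example is deterministic and needs nothing beyond the standard library.
SIGNER_PRIMES = (2**127 - 1, 2**89 - 1)
OTHER_PRIMES = (2**107 - 1, 2**61 - 1)
E = 65537  # public exponent


def make_keys(p, q):
    """Return (public, secret) keys: (n, e) is published, (n, d) is kept."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest(message, n):
    """Hash the message to an integer below n, binding the signature to it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, secret):
    """Compute the signature from the message digest and the secret key."""
    n, d = secret
    return pow(digest(message, n), d, n)


def verify(message, signature, public):
    """Check the signature using only the message and the public key."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)


def demo():
    """Return (genuine, altered message, signed with another key)."""
    public, secret = make_keys(*SIGNER_PRIMES)
    _, other_secret = make_keys(*OTHER_PRIMES)
    message = b"Pay 100 to account 42"  # constructed sample document
    signature = sign(message, secret)
    return (
        verify(message, signature, public),
        verify(b"Pay 900 to account 42", signature, public),
        verify(message, sign(message, other_secret), public),
    )


if __name__ == "__main__":
    print(demo())
```

Verification succeeds only for the unchanged message signed with the matching secret key; altering the message or signing with a different key makes it fail.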

The first domestic EDS standard appeared in 1994. The Federal Agency for Information Technologies (FAT) deals with issues of using EDS in Russia.

Highly qualified specialists are engaged in introducing all the necessary measures to protect people, premises and data. They form the basis of the respective divisions, serve as deputy heads of organizations, etc.

There are also technical means of protection.

Technical means of protection

Technical means of protection are used in various situations; they are part of the physical means of protection and of software and hardware systems, complexes and devices for access control, video surveillance, alarm and other types of protection.

In the simplest situations, to protect personal computers from unauthorized startup and use of the data on them, it is proposed to install devices that restrict access to them, as well as to work with removable hard magnetic and magneto-optical disks, self-booting CDs, flash memory, etc.

To protect facilities, that is, people, buildings, premises, material and technical resources and information, from unauthorized influences, active security systems and measures are widely used. It is generally accepted to use access control systems (ACS) to protect facilities. Such systems are usually automated systems and complexes of software and hardware.

In most cases, to protect information and restrict unauthorized access to it in buildings, premises and other facilities, software and hardware tools, systems and devices have to be used simultaneously.