Traffic protection mechanisms
The presence of such mechanisms is necessary in the case when the intensity of data exchange between subscribers is classified information, and also when the fact of connection of two specific subscribers must remain confidential.
There are two ways to solve the problem of traffic protection. At one of them it is possible to carry out a constant transmission over the communication channel of some noise (ie, random) information. At the same time, it is practically impossible to detect when the transmission of meaningful data is actually taking place on the channel.
In another way, the information on the router node is placed in the new packet (together with the addresses of the sender and the receiver). As the address of the sender in the new packet, the address of this router is indicated, and as the destination address is the address of the node-router closest to the network in which the real recipient of the information is located.
If an attacker knows of a particular route that a subscriber's message is on, he can conduct an attack that will lead to a "denial of service" type of threat.
To protect against such attacks, it is necessary to use special tools that must choose the safe, the most reliable (including in terms of physical characteristics of the equipment) communication channels.
The security policy mechanisms discussed above should function together within a single integrated system. Only if this condition is met can guarantee a certain level of security of information. Separate application of one or several security measures will not be able to withstand a well-equipped and prepared attacker.
To test the health of the protection system, you must use security assessment tools.
To assess the security of the system, analyze its vulnerability. Vulnerabilities are understood as & quot; weak points & quot; system, which can be used by an attacker both for the actual attack, and for gathering the necessary information about the system for future attacks.
Vulnerability analysis can be of two kinds: passive and active .
With passive analysis , only the system scan is performed - the elements and mechanisms of the system are identified, the protection of which is not sufficient, which can be exploited by an attacker. It also assumes the possibility of an invasion.
Active analysis involves attempts to conduct various kinds of attacks and, in most cases, is a more reliable and effective method. However, when using it, there is a possibility of system failure.
Practical studies have shown that a vulnerability can be divided into two classes:
• operational defects (implementation errors);
• Administration errors.
Operational defects characterize the technological security of the information resource and are the result of errors in the design and implementation of the software of the AU. For the convenience of creating protection systems and modeling of penetration into the AU, it is advisable to classify design errors by the mechanisms (subsystems) of the system's security. At the same time, the main types of operational defects are the shortcomings of authentication mechanisms, access delimitation, data integrity, cryptography, as well as network protocols and software implementation errors.
Administration errors characterize operational safety and are the result of incorrect settings of the operating system and its applications in relation to the purpose of the AS and the requirements for its security. The causes of administrative errors can be various incompetent, negligent or malicious actions of administrators and users of AU. The main types of administration errors are user connection settings errors, password protection settings and the use of easily selectable passwords, server configuration, authorization.
Currently, there are special security controls. In addition, many information security systems have built-in tools for such control. In any case, it is necessary to pay sufficient attention to this ethane of the creation and functioning of the protection system, since the presence of a protection system in which serious failures and errors are possible, in some cases worse than its absence. This is due to the fact that users have the illusion of security, although in fact the situation is exactly the opposite.
Thus, for a competent choice or building a system for protecting information and maintaining its functioning, it is necessary:
• identify all possible threats to the protected information;
• Competently, fully and clearly formulate the security policy of the organization as a whole and the computing system in particular;
• Ensure the complexity of the construction of the protection system: it must contain a complete set of necessary mechanisms and means of protection and implement them together;
• constantly monitor the performance of the protection system and conduct its periodic verification;
• Choosing the right security company and its separate components: this company should be well-established in the market, it is desirable to have a lot of experience in this field and a wide network of customers.
Only if these conditions are met can we talk about providing a certain level of information security.
How to ...
We made your life easier with putting together a big number of articles and guidelines on how to plan and write different types of assignments (Essay, Research Paper, Dissertation etc)