Types of information threats and protection from them
Factors that disrupt the operation of the information system can be divided into two groups: natural factors and deliberate actions of intruders.
The stability of the system against the first group of factors is related to its reliability. The stability of the system against the second group of factors is called its safety.
Threats to the security of the system can be classified according to the following characteristics:
• the goal that the attacker is trying to achieve;
• the element of the system on which the attack is being made;
• The way of attack.
The target of an attacker could be:
• complete disabling of the system;
• unauthorized receipt of confidential information stored in the system;
• Imposing false information and (or) stimulating a false alarm system.
We can distinguish the following main types of attacks:
• direct physical actions that disable the system (explosion, arson, power failure, etc.);
• unauthorized connection to system elements (most often to communication channels) for the purpose of unauthorized obtaining of information, or for the purpose of imposing false information;
• the creation of electromagnetic interference to disrupt the normal operation of the system;
• interception of spurious electromagnetic emissions and interference (PEMIN), emanating from the elements of the system;
• unauthorized actions from system terminals performed by unauthorized persons or users of the system that violate their access rights;
• copying of confidential information from external media or theft of these media, distortion of information stored on external media;
• Introduction of malicious programs into the system;
• unauthorized penetration into the system through network channels, primarily through the Internet.
To protect the information system from the threats listed above, the following methods are used:
• Physical protection;
• protection at the presentation level;
• algorithmic protection;
• Organizational protection.
Physical protection methods include:
• Protection against entry into the room and protection from access to equipment (locks, doors, alarm, casing);
• screening of rooms and equipment to protect against information leakage through secondary electromagnetic radiation (PEMIN);
• Protective noise, which interferes with the radio interception of PEMIN.
Protection against intrusion into the room and protection against access to equipment can be classified according to Fig. 19.1.
Fig. 19.1. Protection against intrusion into the room and protection against access to equipment
How to ...
We made your life easier with putting together a big number of articles and guidelines on how to plan and write different types of assignments (Essay, Research Paper, Dissertation etc)