An expert in information security.
Candidate of Engineering Sciences.
His research is devoted to the problems of creating complex systems for the
protection of information.
After receiving a higher education as an engineer in radio electronics and
radar reconnaissance equipment, he worked for a long time on the development
and operation of automated control systems for military purposes.
Within the Ministry of Defense of Ukraine, and then in the State Committee of
Ukraine on State Secrets and Technical Protection of Information, he worked on
the introduction of modern information technologies and on ways of securing
information during the creation and operation of computer systems.
During the last 15 years he has worked on the organization of information
protection in state, banking and commercial information systems.
Education:
- Kiev high antiaircraft rocket military college (1979)
- Military academy antiaircraft forces (1988)
- National academy of defense of Ukraine (2000)
VALERY DOMAREV
He has led a number of research projects on the security of modern information
technologies.
Areas of interest:
- Methodology for creating complex information security systems;
- Audit of information security systems;
- Information security management;
- Security of information technologies;
- Technical protection of information;
- Security of the information society;
- Information warfare;
- Information-psychological influence.
The book "Safety of information technologies. The system approach"
The summary
The book "Safety of information technologies. The system approach" is
addressed to a wide range of readers: students, system administrators and
staff of various information security services. The author describes existing
threats and channels of information leakage, presents mathematical models of
protection systems, and considers the creation of protected information
systems with flexible security management. In the first chapters readers learn
how the security of information resources is supported in the state. Then the
legislative and legal aspects of organizing information protection are
considered, and the existing approaches to creating complex security systems
and their degree of risk are analyzed.
Special attention is given to ways of protecting the objects of information
systems, the processes, procedures and programs for processing information,
communication channels and much else. The reader will be interested to learn
about the methods of industrial espionage described in the book, and how to
counteract information malefactors.
This book will help you find ways to solve the problem of protecting
information under the complete openness of modern information technologies,
and to find a solution independently in each specific case. Until recently,
many of the materials presented were kept under a "confidential" classification
stamp and were the property only of special services and law-enforcement and
security agencies.
The complete contents:
Chapter 1. Information safety of the state
State policy of maintenance of information safety (003) 45
The basic rules of state policy (003) 46
Problems of information safety of the state 47
The basic directions of activity of the state in the field of information
safety (001) 47
The basic tasks of a safety of the information (002) 50
Safety of information resources 52
Documenting of the information (101) 53
State information resources (101) 54
The information on the citizens (personal data) (101) 56
The rights on access to the information from information resources (101) 57
The summary 59
Chapter 2. Information system as object of protection
What is an information system (010) 62
All kinds of IT are necessary, all kinds of IT are important (010) 66
Development and manufacture of information systems (001) 68
Structure of IT and principles of its functioning (010) 69
Typical components IT (010) 72
Problems of protection IT (010) 73
Protection for open IT (023) 77
Shall we protect... or let it live? (200) 79
There is no need to frighten us... (200) 81
The characteristics, influencing safety of the information (200) 81
Problems of integration of systems of protection (600) 84
"Absolute protection" (600) 84
The summary 85
Chapter 3. Safety in Internet
Internet in structure of IT maintenance of bodies of state authority (001) 88
Internet - as object of protection 89
The TCP/IP protocol stack (220) 89
Typical services (220) 92
Structure of ports TCP and UDP (220) 93
Threats for the protocols and services Internet (220) 94
Observation of transmitted data (220) 95
Masquerading as other users (220) 95
Potential problems with electronic mail (220) 96
The summary 100
Chapter 4. Principles of construction of systems of protection of the
information
Concepts of protection (001) 106
Difficulties of realization of System of protection of the information (001) 107
The basic rules of protection (001) 107
Protected IT and system of protection of the information (001) 109
How to ensure safety of the information? (001) 109
The summary 113
Bases of construction of systems of protection of the information 115
Chapter 5. Legislative, methodical and scientific base of functioning of
systems of protection of the information
Subsystem of legal protection (001) 120
The information right (001) 121
The legislation and industrial espionage (011) 125
Protection of the software by the copyright (021) 128
Lacks of the existing standards and recommendations (051) 130
The requirements to the contents of the methodical documents (401) 131
Development of a methodical basis of System of protection of the information (001) 132
Some methodical documents necessary for organization of protection of the information (001) 132
The scientific and methodological basis of protection of the information (001) 134
Strategic orientation of protection of the information (001) 135
Tool basis of protection of the information (001) 139
The summary 140
Chapter 6. Mathematical models of systems and processes of protection of the
information
6.1. General characteristic of a problem of synthesis of systems of protection
of the information for IT (001) 143
6.1.1. Problem of a correctness of statement of tasks (001) 144
6.1.2. Research of a subject domain with the purpose of creation of a mathematical model of System of protection of the information (001) 145
6.1.3. Brief analysis of common models of System of protection of the information (001) 147
6.1.4. General characteristic of mathematical methods of estimation and substantiation of the requirements to System of protection of the information (001) 148
6.2 Basic concepts of the theory of fuzzy sets 149
6.2.1 Fuzzy sets: definition, properties, operations on fuzzy sets 149
6.3. Substantiation of a parameter of quality of System of protection of the information 157
6.4 Methods of definition of importance of the requirements placed on System of protection of the information 161
6.5 Methods of construction of the membership function of the requirements to System of protection of the information for the given degree of quality 172
6.5.1 Construction of membership functions on the basis of pairwise comparisons [4] 173
6.6 Methods of choosing a rational variant of system of protection of the information on the basis of expert information 180
6.7 Methodical recommendations for carrying out an expert examination in the estimation of System of protection of the information 189
Model of a complex estimation of System of protection of the information 194
The block of parameters of a BASIS (Oi) 194
The block of parameters of a DIRECTION (Hj) 196
The block of parameters STAGES (Mk) 196
Structure of the model of estimation of System of protection of the information 196
Technique of estimation of quality of System of protection of the information on the basis of a matrix of knowledge 202
Linguistic variable 206
Estimation of quality of System of protection of the information on the basis of the analysis of a structure of safety 206
Example of an estimation of quality of System of protection of the information 207
The literature to chapter 6 213
Chapter 7. Structure and tasks of bodies, carrying out protection of the
information
The list of tasks solved by a service of information safety 217
Definition of information and technical resources, subject to protection (102)
217
Revealing of the complete set of potentially possible threats and channels of outflow of the information (202) 218
Realization of an estimation of vulnerability and risks for the information and resources IT (302) 219
Definition of the requirements to system of protection of the information (402)
220
Realization of a choice of means of protection of the information and their
characteristics (502) 221
Introduction and organization of use of the chosen measures, ways and means of
protection (602) 221
Realization of the control of integrity and management of system of protection
(702) 222
Creation of a service of information safety (002) 222
The typical list of tasks of a service of information safety (002) 223
The legal status of a service (002) 225
Structure of a service of information safety (002) 225
The summary 226
Chapter 8. Policy of information safety
Definition of policy of information safety (003) 229
Principles of policy of safety (003) 230
Kinds of policy of safety (603) 231
Protection of the data by administrative methods (603) 235
Organization of confidential office-work (063) 237
Organization of measures on System of protection of the information (603) 240
Policies of safety for Internet (403) 245
Levels of policy of safety (403) 245
Subject of policy (003) 247
The description of a position of organization (003) 248
Area of application (003) 248
Administrative measures of maintenance of information safety (003) 249
Observance of policy (003) 249
Differentiation of access to objects Web (523) 249
Virtual private networks (533) 250
Safety of program environment (023) 252
Roles and duties (003) 253
Some remarks concerning Policy of safety 255
Search of the information in Internet (003) 256
Policy of safety for WEB (003) 257
The brief contents of the documents Policy of safety (003) 259
The summary 262
Chapter 9. Software and hardware methods and means of protection of the information
Services and mechanisms of protection (004) 266
Methods of identification of the users (004) 268
Management of access (004) 270
Confidentiality of the data and messages (004) 272
Maintenance of confidentiality of the messages and data (004) 272
Maintenance of integrity of the data and messages (004) 272
Registration and supervision (004) 273
Registration of actions of the users (004) 274
Subsystem of management of keys (004) 276
Method of automatic generation of a return call (004) 278
Method of the cross identification (004) 278
Check of the address of the correspondent (004) 279
Check of a return code (004) 279
The handshake scheme (004) 279
The control of access of the users to resources IT (004) 280
Methods of prevention of a reuse of objects (004) 280
The review of means of protection of the information in IT (004) 281
Means of protection from unauthorized access (004) 282
Analyzers of protocols (004) 282
Tool means of testing of system of protection (004) 284
Gateway screens (004) 285
General information on and classification of hash functions (034) 285
The standards of codes of the messages (034) 287
The digital signatures (004) 293
General definitions and classification of digital signature schemes (034) 294
Model of the digital signature with addition (034) 295
Modes of operation of block encryption algorithms (034) 302
Electronic codebook mode 303
Cipher block chaining mode (034) 304
Output feedback mode (034) 310
The summary 313
Directions of creation of systems of protection of the information 317
Chapter 10. Technical protection of the information on objects of information systems
Methodical base of technical protection of the information on objects IT (011)
319
Objects IT and information requiring technical protection (111) 321
Threats of outflow of the information on technical channels (211) 322
Removal of the information with the help of microphones (211) 322
Dictaphones (211) 325
Removal of the information, transmitted on telephone lines (211) 325
Interception of GSM communication (211) 327
Search of channels of outflow of the information (213) 328
Survey of object (213) 328
Classification of characteristic attributes of radio bugs 330
General methodology of search for radio bugs 332
Search for radio bugs with the help of means of operative control 334
Search for radio bugs with the help of hardware-software complexes 336
Classification of hardware-software search complexes 338
Features of search for radio microphones 339
Check of electronic engineering 342
Transmitters 343
Researches of an opportunity of outflow of the speech information from the
equipment established on object of research by means of transformations 344
Methods of revealing implanted devices connected to telephone lines (510) 344
Parameters of input circuits of the HARDWARE included in a telephone line for interception of the information, powered from the line 344
Parameters of input circuits of the HARDWARE included in a telephone line for interception of the information, with independent power 345
Methods of revealing implanted devices connected to lines 346
Detection of signals from implanted devices in a 220 V network 347
Detection of signals in sound ranges 347
Check of objects IT with the help of a nonlinear locator 347
The directed suppression of radio-electronic devices 349
Protection of the speech information (610) 351
Electro-acoustic transformations (214) 351
Information at the expense of acoustic transformations (214) 352
Acoustic noise interference as a way of protection of the speech information (514) 353
Complex of protection "Скеля-2" (514) 354
Application of "speech" interference (514) 355
The device for protection of telephone lines "Скеля-1" (514) 356
The control of efficiency of used measures and means of protection of the
information (710) 359
Complex of detection and analysis of collateral electromagnetic radiations 359
Means of the control of lines 362
The summary 368
Chapter 11. Protection of information and physical objects of information systems
Files and databases as information objects of protection (010) 372
Protected files (013) 372
Protection of databases (013) 373
Identification and check of authenticity of the users (710) 376
Threats for DBMS 377
Management of access (750) 378
Maintenance of data integrity in DBMS (724) 381
Protection of the communications between server and clients (730) 384
Protection of resource objects (720) 384
Protection of physical objects IT (710) 387
The security and fire signal system (014) 388
Security video-supervision (514) 392
The summary 399
Chapter 12. Protection of processes and programs
Problems of safety of the software (020) 2
Necessity of protection of the programs of data processing (021) 3
Mechanisms of protection of processes, procedures and programs of data
processing (023) 4
Levels of protection of procedures and programs (021) 6
Protection of operations above computing resources IT (023) 7
Protection of procedures of management (023) 7
Protection of processes and procedures of transfer of the information on
channels of communication (connection) IT (023) 8
Protection of electronic document circulation (023) 11
Methods of maintenance of protection from threats, connected to non-recognition
of participation (023) 12
Legal maintenance of the legal importance of the electronic documents (023) 13
Principles of use of the digital signature for protection of the electronic
documents (023) 13
Protection of operating systems (023) 14
System means of user authentication (020) 16
Differentiation of access of the users to resources (023) 17
Means of check of a correctness of an OS configuration (024) 18
The tool of system audit (720) 18
Network means of protection (024) 19
Protection in network information service (024) 20
The Kerberos-client [024] 20
Safety of X applications (024) 21
Data availability (020) 21
Security kernel of the OS (020) 22
Technologies of a virtual private network for the corporate users (020) 24
Economic benefits (020) 25
Realizations of technologies VPN (624) 26
Architecture of VPN-networks (624) 27
The summary 27
Chapter 13. Firewall technologies
The firewall concept (020) 431
Virtual networks (634) 433
Connection schemes (524) 433
Administration (653) 433
Systems for collecting statistics and warning of attacks (654) 433
Authentication (653) 434
Firewalls - the basis of System of protection of the information (554) 434
Packet filters (534) 435
Contextual check (533) 436
Application-level gateways and proxies (634) 437
Why firewalls? (054) 438
Protection against vulnerable places in services (024) 439
Controlled access to systems of a network (023) 439
Concentrated safety (023) 439
Increased confidentiality (023) 439
Recording of statistics of network use and of penetration attempts (033) 439
Firewall policy (053) 440
Policy of network access (023) 440
Policy of access to services (023) 441
Firewall design policy (053) 441
Flexibility of policy (053) 442
Policy of strong authentication of remote users (023) 442
Policy of access through modems (033) 442
Realization of Policy of safety (653) 443
Firewall components (054) 443
Principles of firewall operation 443
Strong authentication (054) 445
Packet filtering (033) 446
Adjustment of rules (033) 447
Problems with packet filtering (520) 447
Low cost - weak protection? (624) 448
Session-level gateways (730) 449
Connection control (624) 449
Channel proxies (730) 449
Proxy servers (750) 450
Adding a proxy server to a gateway (720) 450
Proxy server information filling (720) 451
Connection-level server (730) 452
Comparative characteristics (520) 452
Application-level gateways (520) 453
Filtering at the application level (520) 455
Application-level server (620) 456
Gateway screens (750) 459
The summary 461
Chapter 14. Protection of channels of communication
Cryptographic methods and means of protection of the information (034) 464
Basic information about cryptography (031) 465
Cryptographic protection subsystem (032) 466
The analysis of existing methods of cryptographic transformation (034) 469
Protection of the data during transfer on channels of communication IT (030) 471
Protection of integrity of the messages (734) 473
The protected exchange of the messages (030) 481
The digital signature and digital envelope (534) 481
Your acquaintance PGP (534) 482
The protected channels (634) 483
Choice of means of protection of the messages (534) 484
Compatibility of means of protection of the messages (534) 485
Protection of electronic mail (030) 485
Use of files 488
Construction of an e-mail system with the help of Messaging Hook Provider 488
Use of WINDOWS HOOK 489
Protection against false addresses (030) 491
Protection against interception (030) 492
Correct use of electronic mail (030) 492
Protection of the electronic letters and post systems (030) 492
Examples of policies of safety for electronic mail (030) 492
Storage of the electronic letters (030) 493
Some advice and recommendations (633) 494
Protection of telephone lines against listening (630) 495
Ways and means of protection of telephone conversations (030) 502
Means of physical protection of the information (034) 502
Means of cryptographic protection (034) 505
The summary 506
Chapter 15. Suppression of collateral electromagnetic radiations
Some terms and definitions (041) 509
TEMPEST technologies (041) 510
Problems TEMPEST in computer systems (044) 513
Threats to the information connected with TEMPEST (240) 516
Classical Tempest-attack (241) 516
Soft TEMPEST - new threat (241) 516
Sources of outflow of the information on channels TEMPEST (244) 517
The brief description of threats of outflow of the information on channels
TEMPEST (244) 519
The computer - source of radiations (244) 522
Restoration of the information from electromagnetic radiation of the display (244) 523
Optoelectronic TEMPEST reconnaissance (241) 524
The requirements to generators of noise (444) 524
Systems of spatial noise masking of electronic computing equipment objects (544) 524
Methods and means of protection from TEMPEST (540) 525
Methods of protection of computers (543) 525
Technologies of TEMPEST-protection (543) 527
Features of TEMPEST-protection in local networks 529
Protection of the information against outflow on circuits of the power supplies
(544) 530
Application of shielding designs (544) 530
Protection of the information against outflow on circuits of grounding (544)
531
Introduction and use of technologies of protection from TEMPEST (640) 531
Measures on protection of the information (643) 531
Traditional solutions for protection (544) 534
Organizational measures (643) 537
Preparatory technical measures (643) 538
Technical measures (643) 539
Increase of safety of electromagnetic radiation of the display (544) 542
Problems of protection of personal computers with application of modern
technologies (540) 543
Protection of the active equipment and workstations (644) 543
Safety of electromagnetic radiation of data transfer cables (544) 545
Protection of the information in circuits of the power supplies of the personal
computer (644) 548
Grounding (644) 552
Estimation of security of the information from outflow on channels TEMPEST
(741) 554
Model of outflow of the information on channels TEMPEST (741) 554
Criterion of protection of the information from outflow on channels TEMPEST
(741) 555
Check of security of the information from outflow on channels TEMPEST (740) 556
The purposes both tasks of special researches and control of efficiency of
measures of counteraction (740) 557
The summary 558
Chapter 16. Management of system of protection
Management of protection (050) 562
Principles of organization and control of system of protection (750) 564
Realization of policy of safety (053) 566
Optimization of a storage and processing of the information (750) 566
The control of the most valuable information 567
Administrative group of management of protection (052) 568
Dangerous events and their prevention (250) 570
Registration and recording (054) 573
Prevention of threats to the information (650) 577
The users (052) 578
Monitoring of functioning IT (750) 578
System log (054) 579
Elimination of infringements (750) 580
Unsuccessful attempts of penetration (052) 581
The password is not necessary (252) 582
Successful attempts of penetration (252) 583
Additional measures of the control (753) 584
Management of protection in distributed networks (750) 585
Management of information flows (050) 585
Management of reliability (050) 586
Management of access (050) 586
Methods of development protected IT (051) 588
Models of management of access (051) 588
Management of mechanisms of System of protection of the information (754) 591
Problems of introduction of control systems of access (650) 592
Restrictions of processing (650) 594
Functions of the control and management of System of protection of the information (750) 595
The control of a condition of technical protection of the information (750) 595
Functions of protection of a subsystem of management IT (050) 597
Integration of mechanisms of protection IT (650) 597
Management of keys of protection (754) 598
Purpose, structure and functions of a subsystem of management of keys (754) 599
Generation and testing of keys of symmetric enciphering (754) 600
The order of distribution of keys of symmetric enciphering (754) 601
Variants of realization of management of keys in System of protection of the information (754) 603
The summary 603
Stages of construction of systems of protection of the information 605
Chapter 17. It is difficult to make a first step...
Definition of the information subject to protection (100) 607
The order of reference of the information to state secret (100) 609
The order by the items of information, making state secret (100) 612
Protection of state secret (100) 613
The admission of the officials and citizens to state secret (100) 614
The items of information, making a trade secret (100) 615
Definition of a degree of privacy of the information (100) 622
Definitions of the items of information, making the confidential information of
the enterprise 623
The summary 627
Chapter 18. Revealing of potential threats and channels of outflow of the
information
Threats to information safety in spheres of activity of the state (200) 630
Versions of threats (200) 631
Threats to safety of the information (200) 631
The analysis of the characteristics of threats and vulnerable places for the
information in IT (200) 634
Threats to safety of the information, IT and subjects of the information relations 634
Where the threat comes from (220) 635
The basic kinds of threats to safety of the subjects of the information relations 636
The most widespread threats to the information in IT (220) 636
Threats and channels of outflow of the information (200) 637
Classification of threats to the information (200) 638
Classification of possible channels of outflow of the information (200) 643
Threats for objects IT (210) 644
Unauthorized access to IT (210) 644
Inappropriate access to resources IT (210) 645
Threat of access (210) 646
Threat of the author (210) 646
Threat physical (210) 646
Threat of defect (210) 646
Threat to a trace (210) 647
Threats of unauthorized access to the information in IT (210) 647
Features of unauthorized access (210) 648
Special methods and means of the information (210) 649
Acoustic channels of outflow of the information 649
Threats for processes, procedures and programs of processing of the information
(220) 652
Disclosure of data (220) 652
Unauthorized modification of the data and programs (220) 652
Threat of functioning (220) 653
Virus threats (220) 653
Virus threats for IT servers (220) 654
Software implants - a threat to IT (220) 654
Threats for the information in channels of communication (230) 655
Disclosing of the traffic IT (230) 655
Substitution of the traffic IT (230) 656
Virus threats for communication units IT (230) 657
Threats, connected to electronic mail (230) [12] 657
Threats to the information, arising at collateral TEMPEST (240) 659
Collateral TEMPEST (240) 659
Interception TEMPEST (240) 659
Sources of outflow of the information on channels TEMPEST (240) 660
The brief description of possible outflow of the information on channels TEMPEST 661
Outflow of the information on circuits of grounding 661
Parasitic high-frequency generation (240) 662
Outflow of the information through sources of the power supplies (240) 663
Parameters of an estimation of threats (240) 664
Threats for mechanisms of management of system of protection (250) 664
Destruction of functions System of protection of the information(250) 664
How to carry out the analysis of threats and channels of outflow of the information (200) 665
Informal model of the infringer (200) 666
The summary 669
Chapter 19. An estimation of vulnerability and risks
The analysis of risks (300) 672
Development of methodology of an estimation of risk (301) 673
Estimation of damage, connected to realization of threats (300) 674
The analysis cost / efficiency (301) 674
The final document (301) 674
Group of an estimation of risk (302) 674
Elements of management of risk (353) 675
Stage 1 - Definition of a degree of detailed elaboration (311) 676
Stage 2 - Identification and estimation of values (302) 676
Stage 3 - Identification of threats and definition of their probability (204)
677
Stage 4 - Measurement of risk (301) 678
Stage 5 - Choice of measures and means of protection (504) 678
Stage 6 - Introduction and testing of means of protection (604) 679
Stage 7 - Approval of residual risk (301) 680
Techniques of estimation of potentially possible threats to IT (301) 680
Estimation of damage from threats to safety of the information (301) 680
The model military - means reliable (301) 682
Without damage to "health" IT (301) 684
The summary 690
Chapter 20. The requirements to systems of protection of the information
The general requirements (400) 693
The organizational requirements (400) 695
The requirements to subsystems of protection of the information (400) 696
The requirements to technical maintenance (410) 698
The requirements to the software (420) 698
The requirements on application of ways, methods and means of protection (400)
699
The requirements to documenting (400) 700
The requirements to structure of the design and operational documentation (400)
700
The list of the basic functional tasks which System of protection of the information should solve (400) 702
The technical requirements on protection of the information against outflow on channels TEMPEST (440) 702
The requirements on protection against TEMPEST interception (440) 703
The requirements on protection of system of grounding of object IT (410) 704
The requirements on protection of systems of power supply of object IT (410) 704
The summary 706
Chapter 21. Realization of a choice of means of protection
Model IT as object of protection (500) 708
1 Physical layer (540) 709
2 Data link layer (530) 709
3 Network layer (520) 709
4 Transport layer (530) 709
5 Session layer (530) 710
6 Presentation layer (520) 710
7 Application layer (520) 710
Architectural questions of construction of safe computer networks (520) 710
Services and mechanisms of safety of networks on the basis of the OSI model (550) 711
Base services for good safety of computer systems (550) 712
Confidentiality (553) 712
Integrity (553) 713
The control of access (553) 713
Participation (553) 714
Availability (553) 715
Mechanisms of a safety (554) 715
Enciphering (554) 715
Traffic padding (534) 715
Management of routing (534) 715
The digital signature (534) 716
Mechanisms of maintenance of the control of access (553) 716
Mechanisms of maintenance of data integrity (553) 717
Confidential (523) 718
Labels of safety (553) 718
The control of safety (553) 718
Use of services of safety 719
Physical layer (554) 719
Data link layer (534) 719
Network layer (524) 719
Transport layer (534) 720
Session layer and presentation layer (530) 720
Application layer (530) 721
The review of means of protection of the information in IT (500) 721
Means of protection from unauthorized access (514) 722
Analyzers of protocols (524) 722
Tool means of testing of system of protection (554) 723
Gateway screens (554) 723
The summary 726
Chapter 22. Introduction and use of the chosen measures of protection
Choice of the basic decisions on maintenance of the System of protection of the information (600) 729
Administrative level of maintenance of the System of protection of the information (603) 729
Organizational level of maintenance of the System of protection of the information (603) 729
Technological level of maintenance of the System of protection of the information (604) 729
Maintenance of the System of protection of the information at stages of designing IT (603) 730
The working documentation concerning the System of protection of the information (601) 731
System of protection of the information during preparation of IT for operation (620) 731
System of protection of the information at operation of IT (650) 732
The contents of works of a stage (403) 732
Organization of work of the personnel (603) 734
Installation and introduction of means of protection (600) 736
The contents and sequence of works on protection of the information (600) 738
Stages of performance of works on creation of the System of protection of the information (600) 738
Process of creation of mechanisms of protection IT (600) 743
Construction of system of protection of the information (600) 744
1 stage: definition and analysis of threat (600) 745
2 stage: system engineering of protection of the information (600) 745
3 stage: realization of the plan of protection of the information (600) 746
4 stage: the control of functioning and management of system of protection of the information (650) 746
The order of realization of works on the System of protection of the information (600) 747
Realization of organizational measures of protection (600) 749
Realization of technical measures of protection (640) 750
Acceptance, definition of completeness and quality of works (640) 752
The summary 752
Chapter 23. The control of integrity and management of the System of protection of the information
The control of work of the users (700) 755
Management of access to workplaces in IT (750) 755
Organization of access for work in IT (750) 755
Registration of the users (750) 755
Management of the privileges (750) 756
Management of the user passwords (750) 756
Reconsideration of the rights of access of the users (750) 756
Use of the password (750) 757
The user equipment left without supervision (750) 757
Observation of an idle time of terminals (750) 758
Restriction of the period of connection (750) 758
Restriction of access to services (754) 758
Management of access to services (720) 759
Electronic mail (730) 759
Systems of electronic document circulation (720) 759
Management of access to the appendices (720) 759
Use of the system programs (720) 760
Management of access to libraries of the initial texts of the programs (720) 760
Isolation of vulnerable places in protection IT (720) 761
Observation of events representing a threat to the System of protection of the information (350) 761
Registration of events (350) 761
Tracking use of services (750) 761
Service of safety (720) 762
Protection of integrity of the data and programs from of the software (720) 762
Protection against viruses (720) 762
The control of a condition of safety IT (700) 763
Systems detection of attacks (750) 764
Consulting in information safety (750) 768
Test on overcoming of protection (750) 768
Audit (750) 769
Inspection (750) 770
How to choose the company (750) 771
The summary 774
Chapter 24. Certification of IT and its components under the requirements of information safety
The basic functions of a body of certification (700) 777
What is the certificate of safety (700) 778
The certificate and economic aspects of safety (700) 779
Risks of application of means of protection without the certificates (700) 780
Correctness (701) 780
Efficiency (701) 781
Criterion of safety (700) 781
Functions of protection (704) 781
Quality of protection (701) 782
Levels of a correctness (701) 783
Certification of production (700) 783
Process of certification (700) 785
The order of preparation and realization of certification (700) 787
Certification of the software on conformity to the requirements of safety (720) 788
Typical algorithm of tests on conformity to the requirements of safety (720) 790
The analysis of the requirements of the customer to the software on conformity to the requirements of safety (720) 791
The analysis of the source from which the software was received (720) 791
The analysis of conditions of prospective application of the software (720) 792
The requirements to maintenance of tests (720) 793
Features of tests (720) 793
Processing of results of tests (720) 794
Acceptance of the decision on whether the software satisfies the given requirements (720) 795
The protocol of realization of tests (720) 795
The summary 795
The decisions and means of protection of the information
Chapter 25. The decisions
Architecture of system of protection of the information for automated systems (АС) 799
Purpose (assignment) System of protection of the information 799
Means and mechanisms of maintenance of functional services of safety 801
Model of the protected system 801
Architecture System of protection of the information 803
The automated hardware-software complex of detection and analysis of collateral electromagnetic radiation "астра-in" 807
Advantages of a complex 810
Safety of the structured cable systems (СКС) 810
Control facilities СКС 812
Symantec Enterprise Security 814
Multilevel products for good safety of enterprises 814
The decisions in the field of management and administration 815
Anti-virus technologies and Information system Symantec (Digital Immune System) 815
Cisco PIX Firewall 817
The basic properties 818
The basic advantages 819
Intranet Ware Border Services 821
Internet Scanner 822
Secure Computing 823
Complex of means of protection of the information from the non-authorized access "Signature Stamp" 824
Real Secure 824
Auto Secure 825
The device for protection of telephone lines "Скеля-1" 826
Joint-stock company "Institute of information technologies" 827
System of protection of the information system "client - bank" 827
Multilevel system of protection of the information (System of protection of the information) for the decision of tasks of protection in computer systems 828
Personal computers "Expert" with protection of the information 829
The computer in the protected execution 830
Station of complex maintenance service of hard magnetic disk drives (СКТОНЖМД) 833
Complex of means of protection "signature stamp - мережа" 834
Complex "signature stamp - мережа" realizes the following functions: 834
Into structure of a complex "signature stamp - мережа" enter: 835
System "Мираж" 836
System of the protected electronic mail "Бриз" 839
General information 839
Structure of system includes software: 839
Functions of software of system "Бриз" 840
Functional structure of a complex of means of protection 842
Technology of work 842
The decisions on a safety of corporate information systems from the company Tech Expert 843
Estimation of security of information system 843
Protection against external intrusion 843
Maintenance of safe connection of the remote users to information resources of the enterprise 844
Maintenance of the appropriate level of access to resources of the enterprise for the partners and customers 844
Organization of safe access of the users 844
Maintenance of confidential correspondence on electronic mail 844
Maintenance of safe work of the users 844
Protection of the transmitted data against interception, change and destruction 845
Realization of the protected wireless networks 845
The maintenance of a network in a condition at which a maximum level of safety is provided 845
Training of the IT-experts in technologies of construction of the corporate protected networks 845
Chapter 26. Means of protection of the information
Scanning receivers 847
Search engineering 859
Search engineering 860
Protection of the information 875
Sound recording 880
Customs engineering 891
Systems of video supervision 892
Professional devices of night vision 893
The appendix A. Description of elements of a matrix 895