Integral information security. Article updated in 2023.

Integrated information security.

UKOV Vyacheslav Sergeevich,
Candidate of Technical Sciences

INTEGRAL INFORMATION PROTECTION

Today, security experts place great hopes on the introduction of new information technologies, electronic means of protection and methods of ensuring security. The concept of integrated security has made it possible to significantly increase the efficiency of security systems. Its main idea is the need to ensure conditions for the functioning of people, objects and information in which they are reliably protected from all real types of threats throughout the continuous production process and everyday activity. This article provides an analytical review of the state and prospects for the development of the modern Russian market of technologies, means and services for integrated information protection.

One of the main trends in the development of science and technology, including special equipment, is the process of integration. This process affected such major modern areas as electronics, cybernetics, telecommunications and their active market segments, including technical means of communication and information protection. The ultimate goal of integrated information protection is to create conditions under which it will be impossible to intercept, modify or destroy information, and the protection action must be continuous both in time and in space. The process of integrated information protection is shown in Fig. 1.


Fig. 1. Integral information protection

In the process of integral information protection, all necessary means of protection are used, and not only information security means. A graphical interpretation of the location of market segments in the case of integral information protection is shown in Fig. 2.

a) distribution of funds for traditional protection
b) distribution of funds for integrated protection

Fig. 2. Graphic interpretation of the location of market segments for integrated information protection.

One of the main requirements of modern protection is a systemic approach. Therefore, when identifying technical channels of information leakage, it is necessary to consider the entire set of equipment, including the main equipment of technical means of information processing, end devices, connecting lines, distribution and switching devices, power supply systems, grounding systems, etc.

To prevent leaks and ensure integrated protection of information, the modern Russian market today offers a wide choice of protection tools in terms of nomenclature, quality, and price. And in order to make the right choice, you must, at a minimum, know what to choose from.

Using a systems approach, we will analyze the market of integrated information protection tools (SISS) and security services (SSS) “from the general to the specific” according to the following scheme:

  • defining the place of SISS in the general structure of the Russian market of security tools;
  • classification of SISS;
  • analysis of the main classes of SISS;
  • comparative analysis of promising SISS;
  • security services;
  • determining trends in the development of information security tools and services.

The role and place of information security tools in the overall structure of the security tools market

The range, volume and cost are dynamic (constantly changing) market parameters, so they must always be tied to a point in time. For example, Fig. 3 shows the volumes of segments of the Russian market for security tools and systems as of the first quarter of 2002, from which it is clear that the segment of information security tools occupies only 6% of the security equipment market. However, to ensure integrated information protection, it is necessary to use technical means from other market segments, in particular access control, video surveillance, security, etc. It should also be noted that this division (classification of market segments) is very conditional, since building an integrated information protection system requires means from almost all market segments. For this reason, there is currently no officially accepted and standardized classification of information protection tools. Nevertheless, a classification is a necessary element of any comparative analysis.

Fig. 3. Segments of the Russian security equipment market
(data based on the results of the forum “Security Technologies – 2002”)

Classification of information protection tools

In conducting further analysis, a classifier model was used, which is based on the principle of the tasks being solved, taking into account which six classes of technical means of integrated information protection were identified. Moreover, the first four classes (control of access to information, closed communication, detection and blocking of threats) are the main classes, and the fifth class represents auxiliary means of information protection. All other means are presented in the sixth class. Using the considered classifier, Fig. 4 shows a possible classification of integrated information protection means offered by the Russian market as of the third quarter of 2002.

Fig. 4. Classification of means and systems of integrated information protection

By integrally assessing the methods and means of obtaining and protecting information in typical situations, we can conclude that at present the main direction of counteracting information leakage is the comprehensive provision of physical (technical means, communication lines, personnel) and logical (operating system, application programs and data) protection of information resources. In this case, security is achieved by using hardware, software and cryptographic methods and means of protection, as well as a complex of organizational measures.

Analysis of the main classes of information security equipment

The results of the analysis of the main classes of the modern market of technical means of integrated information protection, taking into account the classification presented above, are presented in Table 1.

Table 1. Technologies and means of integrated information protection

| Name of technical means | Brief description of the means | Purpose, recommendations for use | Analogues available on the market |
|---|---|---|---|
| 1. Information access control and management tools | | | |
| Secret Net 1.0 (2.0) | Unauthorized access protection device (UAPD) | To protect a PC from unauthorized access | SIZAM, STRAZH-1, AKKORD, SKIP |
| Electronic keys based on HASP technology | Means of preventing unauthorized copying and unauthorized access (NSD) | For corporate terminals and automated networks | |
| Identifiers based on Touch Memory | Means of protection against unauthorized access to information | To protect against unauthorized access to information | Kulon-1, etc. |
| Holographic tags based on Advateg technology | Means of identification of the authenticity of an object and control of unauthorized access | Special thin-film materials with a variable color gamut | |
| SFM-2000A mouse | Fingerprint device for access to a computer | For protection against unauthorized access to computer information | Dakto, BioMouse |
| 2. Closed communication facilities | | | |
| VERBA-O | Electronic digital signature systems | For identification of information during its transmission via communication channels | MASQUERADE, NOTARY |
| BASALT | Voice information protection device | To protect speech information from leakage | UZTP, AKTP, AT-2400, OREKH-A |
| SPRINT | Encoder (up to 10 Mbit/s) | Cryptoprotection | KRYPTON, GRAD, ANKRIPT, FAX-KRYPTO |
| AncVoiceCoder-2400 | Protected telephone set | For guaranteed protection of telephone conversations | AT-2400, OREKH-A, Fractal, etc. |
| LAZUR | Special software for speech analysis and processing | For signal cleaning and setting steganographic markers | |
| SHIP | IP Stream Encryptor cryptocomplex | For organizing VPN networks | Zastava, Net-PRO, ViPNet, Tropa, Continent-K |
| Zastava-Jet | Firewall | For protecting communication networks | FireWall/Plus |
| 3. Threat detection tools | | | |
| RODNIK-23M | Non-linear radar | For searching for radio and video bugs | OKTAVA, OB, LOTUS, NR |
| FILIN | Program for detecting means of covert information retrieval | For searching for leak channels | SEDIF SCAUT, SEDIF PLUS |
| ARK-SK | Automated radio monitoring complex | For searching for leak channels | OSC-5000, RS1200 turbo |
| RS2020 | Automated complex for measuring PEMIN (spurious electromagnetic emissions and pickup) | For searching for PEMIN | NAVIGATOR, ARK-D (PC) |
| ST032 | Multifunctional search device | For searching for leak channels | CPM-700 |
| RICH-3 | Hand-held frequency meter | To search for radio bugs | Scanner-2, Osa, D006, SEL-VNV |
| SCORPION-2 | Near-field receiver | For searching for radio bugs | MRA-3, RF-850 |
| 4. Threat blocking tools | | | |
| GSh-1000, GSh-1000k | Autonomous noise generator; PC-integrated noise generator | For PCs, subscriber stations and network centers | SMOG, GNOM-3, GROM-ZI-4, VOLNA, BARRICADE-1 |
| PHASE-1-5, PHASE-1-10 | Network interference suppression filters | For blocking PEMIN | SFP-60-4, FSPK-100 (200) |
| Sonata-S1, Sonata-AV | Devices for protection against spurious radiation | Protection against leakage via network and vibroacoustic channels | GNOM-3, STORM |
| CORUND | Device for protection against interception of speech information via telephone | For protection against leakage via telephone | BARRIER-3, PROTON, STO-24 |
| Safety-certified means | Modified or specially assembled computing means | For subscriber stations and information processing centers | |
| GRANITE | Device for leakage protection by auxiliary means | For auxiliary means in categorized rooms | KORUND, GRAN-300, MP-1A |
| OFFICE | Vibration and acoustic protection system | For protection against speech information leakage | ZASLON, VNG-006, ANG-2000, Skit-MVA |
| STORM | Device for protection against unauthorized recording on voice recorders | For blocking unauthorized recording on voice recorders | RUBEZH-1, BURAN-2, TRD-017, SHUMOTRON, BASTION |
| SEL SP-23 | Cell phone blocker | For blocking leaks via mobile communication channels | RS jammer, GAMMA, Moskit, Skit-MP |
| STEK | Device for storing and guaranteed destruction of magnetic recordings (information safe) | For emergency destruction of information located on magnetic media | |
| LADYA | Acoustic safe | For protecting speech information from covert activation of a mobile phone | |
| ECHO | Device for acoustic protection of premises | For acoustic protection of premises from technical means of information collection | Skit-AR, etc. |

As can be seen from the table, in order to implement effective integrated protection, in addition to the means of protecting information (closed communication), it is also necessary to use the means of all the other main classes (ACS, SOU, SBU: access control, threat detection and threat blocking). This is the main distinguishing feature of the integrated approach to information protection. In addition, based on the results of the analysis, market segments can be identified in each class that are currently the most dynamic and promising and that deserve a more detailed comparative analysis. These are, first of all:

  • biometric identification means;
  • network protection means;
  • non-linear locators;
  • mobile phone blockers;
  • computer polygraphs.

Comparative analysis of some promising SISS

We will consider in more detail the features of the market for integrated information protection tools using examples of market segments that are the most dynamic and promising. Moreover, given the limited volume of the article, we will select one of the most active subclasses of technical tools from each class for analysis (in Fig. 4, they are all highlighted in bold).

Biometric information protection tools

At present, the domestic industry and a number of foreign companies offer a fairly wide range of means for monitoring and managing access to information, so choosing their optimal combination for each specific case becomes a problem in its own right. On the market, such means are better known as biometric means of information protection (BSIP). By origin, both domestic and imported BSIP are currently presented on the Russian market, and there are also jointly developed means. By design, they are made as a monoblock, as several blocks, or as attachments to computers. A possible classification of BSIP presented on the Russian market by biometric features, operating principles and implementation technology is shown in Fig. 5.

Fig. 5. Classification of modern biometric means of information security

The main biometric means of information security provided today by the Russian security market are presented in Table 2.

Table 2. Modern biometric means of information security

| Name | Manufacturer | Biometric feature | Note |
|---|---|---|---|
| “SACcat” | SAC Technologies | Finger skin pattern | Computer attachment |
| “TouchLock”, “TouchSafe”, “TouchNet” | Identix | Finger skin pattern | Object ACS |
| “Eye Dentification System 7.5” | Eyedentify | Retina pattern | Object ACS (monoblock) |
| “Ibex 10” | Eyedentify | Eye retina pattern | Object ACS (port. camera) |
| “eriprint 2000” | Biometric Identification | Finger skin pattern | Universal ACS |
| “ID3D-R Handkey” | Recognition Systems | Palm pattern | Universal ACS |
| “HandKey” | Escape | Palm of the hand | Universal ACS |
| “ICAM 2001” | Eyedentify | Retina of the eye | Universal ACS |
| “Secure Touch” | Biometric Access Corp. | Finger skin pattern | Computer attachment |
| “BioMouse” | American Biometric Corp. | Fingerprint pattern | Computer attachment |
| “Fingerprint Identification Unit” | Sony | Fingerprint pattern | Computer attachment |
| “Secure Keyboard Scanner” | National Registry Inc. | Finger skin pattern | Computer attachment |
| “Rubezh” | NPF “Kristall” | Signature dynamics, voice spectrum | Computer attachment |
| “Dactochip Delsy” | Elsis, NPP Electron (Russia), Opak (Belarus), P&P (Germany) | Finger skin pattern | Computer attachment |
| “BioLink U-Match Mouse”; “SFM-2000A Mouse” | BioLink Technologies | Finger skin pattern | Standard mouse with built-in fingerprint scanner |
| Biometric computer information protection system “Dacto” | JSC “Chernigov Radio Equipment Plant” | Biologically active points and papillary lines of the skin | Separate block |
| Biometric control system “Iris Access 3000” | LG Electronics, Inc | Iris pattern | Integration with card reader |

As can be seen from the table, biometric access control tools are currently being actively introduced into the Russian security market. The most widely used biometric information security systems currently use fingerprint identification. The analysis shows that biometric technologies already meet the requirements for identification reliability, ease of use and low equipment cost for protecting information transmitted over telecommunication networks. The sale of biometric attachments to computers at prices of about $100 and below provides good prerequisites for significant activation of new electronic technologies, including electronic commerce. Thus, the analysis of the Russian market of biometric information security tools has clearly shown that biometric technology is the latest achievement in the field of identification: already today it allows implementing the most reliable methods of information protection, and it is one of the most promising technologies for the coming years.

Network Security Tools

This segment is the main one in the Russian market of integrated information protection tools. Traditionally, it relies on the achievements of cryptographic technologies, which provide guaranteed protection of any information. However, because of the specifics of creating, testing and operating cryptographic tools, these tools are very conservative and rarely modernized, and their nomenclature is quite narrow. This is evidenced at least by the fact that the only commercial Russian algorithm at present, GOST 28147-89 (89), is still the universal algorithm for cryptographic data protection for large information systems, local area networks and autonomous computers alike. This algorithm is used by both government and commercial structures. A significant revival of this market segment became possible with the introduction of new information technologies, such as steganography, the Internet, mobile networks, etc. Network protection technologies and tools have begun to develop especially dynamically in recent times.

New information technologies have made it possible today to create a whole range of necessary instrumental means for implementing protection mechanisms. Here, instrumental means will be understood as software, hardware, and software-hardware means, the functional content of which allows for the effective solution of the set tasks of information protection. The modern market offers a fairly wide range of technical means of network security control, the main ones of which are presented in Fig. 6.

Fig. 6. Technical means of monitoring the level of network security

Protection against attacks in modern networks is implemented by firewalls (FW). This class of tools analyzes all incoming and outgoing traffic, compares it with a database of typical attacks and with the configured security rules, and only then sends it to the recipient. Attack attempts from both the external network and the local network are logged. The firewall is configured and managed from the network administrator's workstation. In this area, we can note the effective developments of the Network-1 company (the multiprotocol FireWall/Plus) and the Netroad company (with a built-in IPX/IP gateway).

Security audit systems for server platforms help automate the configuration of OS settings. For example, the OmniGuard/Enterprise Security Manager system from Axent is designed to analyze and control the security level of heterogeneous Netware, Windows NT, and Unix networks. The main purpose of the system is to search for vulnerabilities in current OS settings that can be used by an intruder to obtain unauthorized data. The system automatically analyzes network settings and monitors changes that have occurred since the previous analysis.

The main disadvantage of classic audit systems is that a certain amount of time passes between the recording of an event and its analysis. Real-time security audit systems, such as Axent's OmniGuard/Enterprise Security Manager, operate on a fundamentally different scheme. The main purpose of such systems is effective, round-the-clock and year-round monitoring of network security and audit in real time.

It is known that most attacks are associated with the network's own users. Therefore, protecting workstations from unauthorized access (NSD), with functions for delimiting rights and logging user actions and with antivirus protection, is a necessary element of ensuring comprehensive security. Among modern means of protection from NSD, one can note the software and hardware complex Dallas Lock for Administrator, which uses iButton (Touch Memory) electronic identifiers or Proximity cards. The same complex performs configuration and management, protocol analysis, viewing of workstation screens and much more.

As a rule, modern tools are built on the basis of software and hardware technologies. Currently, tools are most widely used in the following areas: test generation, threat simulation, program text analysis.

The methods of using test generators are quite well developed and are widely used in testing the functionality of information systems (IS). Generators of stochastic tests are effectively used, first of all, in studying the quality and reliability of the functioning of an information system. For the analysis of information technology (IT) security, targeted test generators are more convenient. In addition to testing functional security mechanisms, test generators are also applied to the analysis of program texts to detect undeclared capabilities and embedded elements.

Threat simulators are intended for full-scale modeling of the impact of typical threats on IT. Threat simulators are used to test mechanisms against software viruses, screening means against penetration from external computer networks, etc.

The most complex area of application of instrumental means is the study of undeclared IT capabilities, the search for embedded devices and the analysis of vulnerabilities in software.

Static and dynamic analyzers are used to automate the study of program source texts. Static analyzers are designed to assess the correctness of a program's structure, identify sections of program code that are never addressed, establish entry and exit points that are not provided for in the specifications, check the completeness of the description and use of program variables, and search for special program constructs that can be identified as program bookmarks (implanted code). Dynamic analyzers are used to trace program execution, identify critical paths, and assess how completely the possible program branches are covered during functional testing.

Creating source code analyzers of programs is a complex task. Experience in using program analyzers has shown their exceptionally high efficiency. The time required to analyze programs is reduced by almost an order of magnitude, the results of the analysis are documented, which ensures their control and, if necessary, repetition.
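The static and dynamic passes described above, as an added example that is not from the article or from any product it names; the sample program, its function names and the declared entry point "main" are constructed for illustration. The static pass reports statements that can never be reached, functions that are neither referenced nor declared in the specification, and variables that are never read; the dynamic pass traces functional tests and lists the statements they never executed.

```python
import ast
import sys

# Constructed sample program under analysis (not from the article).
SAMPLE = '''
def check_password(pw):
    expected = "s3cret"
    unused_flag = 1
    if pw == expected:
        return True
    return False
    print("never reached")

def maintenance_entry(pw):
    return True

def main(pw):
    return check_password(pw)
'''

TERMINATORS = (ast.Return, ast.Raise, ast.Break, ast.Continue)

def static_findings(source, declared_entry_points):
    """Static pass: unreachable lines, undeclared entry points, unread variables."""
    tree = ast.parse(source)
    unreachable, defined, loaded, stored = set(), {}, set(), {}
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            defined[node.name] = node.lineno
        elif isinstance(node, ast.Name):
            if isinstance(node.ctx, ast.Load):
                loaded.add(node.id)
            else:
                stored.setdefault(node.id, node.lineno)
        for field in ("body", "orelse", "finalbody"):
            block = getattr(node, field, None)
            if not isinstance(block, list):
                continue
            for i, stmt in enumerate(block[:-1]):
                if isinstance(stmt, TERMINATORS):
                    # Everything after an unconditional exit is never addressed.
                    unreachable.update(s.lineno for s in block[i + 1:])
                    break
    return {
        "unreachable_lines": sorted(unreachable),
        "undeclared_entry_points": sorted(
            n for n in defined if n not in loaded and n not in declared_entry_points),
        "unread_variables": sorted(n for n in stored if n not in loaded),
    }

def uncovered_lines(source, entry, test_inputs):
    """Dynamic pass: trace functional tests, return statement lines never executed."""
    tree = ast.parse(source)
    statements = {s.lineno for f in ast.walk(tree) if isinstance(f, ast.FunctionDef)
                  for s in ast.walk(f) if isinstance(s, ast.stmt) and s is not f}
    namespace, executed = {}, set()
    exec(compile(source, "<sample>", "exec"), namespace)

    def tracer(frame, event, arg):
        if frame.f_code.co_filename != "<sample>":
            return None            # do not trace code outside the sample
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for value in test_inputs:
            namespace[entry](value)
    finally:
        sys.settrace(previous)
    return sorted(statements - executed)

if __name__ == "__main__":
    print(static_findings(SAMPLE, {"main"}))
    print(uncovered_lines(SAMPLE, "main", ["wrong"]))
    print(uncovered_lines(SAMPLE, "main", ["wrong", "s3cret"]))
```

Lines that stay uncovered after the test set is extended are the ones the static pass already flagged, which is where a manual review for undeclared capabilities would start.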

Constant changes in the network status (emergence of new workstations, reconfiguration of their software, etc.) can lead to the emergence of new threats and vulnerabilities in the security system. In this regard, it is especially important to timely identify them and make changes to the corresponding settings of the complex and its subsystems (including the security subsystem). Special means of analyzing its security can help in this case. They allow you to quickly check tens and hundreds of geographically dispersed network nodes. At the same time, they not only identify most threats and vulnerabilities of the information system, but also offer recommendations to the security administrator on how to eliminate them. Such software (SW), called a security scanner, essentially reproduces the actions of a hacker, simulating all sorts of attacks on network resources and identifying vulnerabilities in the tested system before the hacker discovers them.

It should be noted that most of the network protection tools discussed above are of foreign origin and, as a rule, cannot be used to protect state secrets. In this regard, active work is currently underway to create domestic network protection tools.

At present, the Russian market in the area of network protection is still developing. However, three main fragments of the network protection market can already be distinguished: firewalls, network analysis tools, and universal tools for organizing VPNs (virtual private networks). Considering that the last market fragment is of the greatest interest and, as a rule, contains the tools of the two previous ones, Table 3 presents the main features of VPN tools and solutions.

Table 3. Main features of VPN tools and solutions

Thus, at present, software and hardware tools are very effective and promising for use in computer networks. The use of modern achievements allows us to ensure the required level of security, but for this it is necessary to fulfill a number of conditions, including ensuring a systematic approach, continuity of control, continuous improvement of the security system, and the use of certified security tools. Table 4 lists the main FAPSI-certified information security tools.

Table 4. FAPSI-certified information security tools

| Name | Type | Developer (supplier) | Note |
|---|---|---|---|
| “Verba” | Software and hardware complex for information security (ZI) | MO PNIEI | Developed for the Yantar-MCI, Yantar-ASBR |
| “SHIP” | Software and hardware complex for ZI | MO PNIEI | For encryption of IP streams |
| “Krypton” | Cryptographic tool for ZI | Ankad Company | Guaranteed ZI |
| “Cripton Lite” | Cryptographic tool for ZI | Ankad Company | Ditto |
| “CryptoPro CSP” | Cryptographic tool for ZI | Crypto-Pro Company | Ditto |
| “Continent-K” | Cryptographic tool for ZI | ZAO “Informzashita” | Ditto |
| “Domain-K” | Cryptographic tool for ZI | “InfoTeKS” | Ditto |
| “Crypto-COM” | Cryptographic tool for ZI | ZAO “Signal-COM” | Ditto |
| “Bicrypt-KSB” | Cryptographic tool for ZI | InfoCrypt Company | Ditto |
| “AP ZEP-Win” | Cryptographic tool for ZI | “Factor-TS”, InfoCrypt Company | Ditto |
| “CyberDog” | Cryptographic tool for ZI | ZAO “Ankort” | Ditto |
| “Citadel ME” | Firewall | “ELKO Technologies SPb” | Blocking unauthorized access (NSD) in the network |
| “Sobol” | Electronic lock | CJSC “Informzashita” | Blocking NSD to the computer |
| “Zastava-Jet” | Firewall | CJSC “Information systems Jet” | Blocking NSD in the network |
| “FPSU-IP” | Firewall control and encryption modules | State Unitary Enterprise “STC “Atlas” | For encryption of streams in IP networks |
| “Akkord-AMDZ” | Electronic lock | OAO “OKB SAPR” | Blocking NSD to the computer |
| “Orekh-A” | Scrambler | Firm “Ankad” | ZI in the communication channel |
| “SCR” | Scrambler | TsBI “Maskom” | Ditto |
| “STA-1000 M” | Scrambler | FGUP “Kalugapribor” | Ditto |

READ THE CONTINUATION OF THE ARTICLE IN THE NEXT ISSUE
