Integrated information security.
UKOV Vyacheslav Sergeevich

INTEGRAL INFORMATION PROTECTION

Today, security experts place great hopes on the introduction of new information technologies, electronic means of protection and methods of ensuring security. It has become possible to significantly increase the efficiency of security systems using the concept of integrated security, the main meaning of which is the need to ensure such a state of the conditions of functioning of a person, objects and information, in which they are reliably protected from all real types of threats during the continuous production process and life activities. This article provides an analytical review of the state and prospects for the development of the modern Russian market of technologies, means and services for integrated information protection.

One of the main trends in the development of science and technology, including special equipment, is the process of integration. This process affected such major modern areas as electronics, cybernetics, telecommunications and their active market segments, including technical means of communication and information protection. The ultimate goal of integrated information protection is to create conditions under which it will be impossible to intercept, modify or destroy information, and the protection action must be continuous both in time and in space. The process of integrated information protection is shown in Fig. 1.
In the process of integral information protection, all necessary means of protection are used, and not only information security means. A graphical interpretation of the location of market segments in the case of integral information protection is shown in Fig. 2.
Fig. 2. Graphic interpretation of the location of market segments for integrated information protection.

One of the main requirements of modern protection is a systemic approach, therefore, when identifying technical channels of information leakage, it is necessary to consider the entire set, including the main equipment of technical means of information processing, end devices, connecting lines, distribution and switching devices, power supply systems, grounding systems, etc. To prevent leaks and ensure integrated protection of information, the modern Russian market today offers a wide choice of protection tools in terms of nomenclature, quality, and price. And in order to make the right choice, you must, at a minimum, know what to choose from. Using a systems approach, we will analyze the market of integrated information protection tools (SISS) and security services (SSS) “from the general to the specific” according to the following scheme:
The role and place of information security tools in the overall structure of the security tools market

The range, volume and cost are dynamic (constantly changing) market parameters, so they require mandatory reference to time. For example, Fig. 3 shows the volumes of segments of the Russian market for security tools and systems as of the first quarter of 2002, from which it is clear that the segment of information security tools occupies only 6% of the security equipment market. However, to ensure integrated information protection, it is necessary to use technical means from other market segments, in particular, access control, video surveillance, security, etc. It should also be noted that this division (classification of market segments) is carried out very conditionally, since to build an integrated information protection system, it is necessary to use means from almost all market segments. Therefore, at present, there is no officially accepted and standardized classification of information protection tools. However, for conducting a comparative analysis, classification is a necessary element of the analysis.
Classification of information protection tools

In conducting further analysis, a classifier model was used, which is based on the principle of the tasks being solved, taking into account which six classes of technical means of integrated information protection were identified. Moreover, the first four classes (control of access to information, closed communication, detection and blocking of threats) are the main classes, and the fifth class represents auxiliary means of information protection. All other means are presented in the sixth class. Using the considered classifier, Fig. 4 shows a possible classification of integrated information protection means offered by the Russian market as of the third quarter of 2002.
By integrally assessing the methods and means of obtaining and protecting information in typical situations, we can conclude that at present the main direction of counteracting information leakage is the comprehensive provision of physical (technical means, communication lines, personnel) and logical (operating system, application programs and data) protection of information resources. In this case, security is achieved by using hardware, software and cryptographic methods and means of protection, as well as a complex of organizational measures.

Analysis of the main classes of information security equipment

The results of the analysis of the main classes of the modern market of technical means of integrated information protection, taking into account the classification presented above, are presented in Table 1.

Table 1. Technologies and means of integrated information protection
As can be seen from the table, in order to implement effective integrated protection, in addition to the means of protecting information (closed communication), it is also necessary to use the means of all other main classes (ACS, SOU, SBU). This is what chiefly distinguishes the integrated approach to information protection. In addition, based on the results of the analysis, market segments can be identified from each class that are currently the most dynamic, promising and that deserve a more detailed comparative analysis. These are, first of all:
Comparative analysis of some promising SISI

We will consider in more detail the features of the market for integrated information protection tools using examples of market segments that are the most dynamic and promising. Moreover, given the limited volume of the article, we will select one of the most active subclasses of technical tools from each class for analysis (in Fig. 4, they are all highlighted in bold).
Biometric information protection tools

At present, the domestic industry and a number of foreign companies offer a fairly wide range of various means of monitoring and managing access to information, as a result of which the choice of their optimal combination for use in each specific case becomes an independent problem. In the market, such means are better known as biometric means of information protection (BSIP). By their origin, both domestic and imported BSIP are currently presented on the Russian market, although there are also jointly developed means. According to design features, we can note means made in the form of a monoblock, several blocks and in the form of attachments to computers. A possible classification of BSIP presented on the Russian market by biometric features, operating principles and implementation technology is shown in Fig. 5.
The main biometric means of information security provided today by the Russian security market are presented in Table 2.

Table 2. Modern biometric means of information security
As can be seen from the table, biometric access control tools are currently being actively introduced into the Russian security market. The most widely used biometric information security systems currently use fingerprint identification. The analysis shows that the modern capabilities of biometric technologies already today provide the necessary requirements for identification reliability, ease of use and low cost of equipment for protecting information transmitted over telecommunication networks. The sale of biometric attachments to computers at prices of about $100 and below provides good prerequisites for significant activation of new electronic technologies, including electronic commerce.

Thus, the conducted analysis of the Russian market of biometric information security tools has clearly shown that biometric technology is the latest achievement in the field of identification, already today it allows implementing the most reliable methods of information protection and is one of the most promising for the coming years.

Network Security Tools

This segment is the main one in the Russian market of integrated information protection tools. Traditionally, it relies on the achievements of cryptographic technologies, which provide guaranteed protection of any information. However, due to the specific features of the creation, testing and operation of cryptographic tools, these tools are very conservative, rarely modernized, their nomenclature is quite narrow. This is evidenced by at least the fact that the only currently commercial Russian algorithm GOST 28147-89 (89) is still a universal algorithm for cryptographic data protection for both large information systems and local area networks and autonomous computers. This algorithm is used by both government and commercial structures. A significant revival of this market segment became possible with the introduction of new information technologies, such as steganography, the Internet, mobile networks, etc.
Network protection technologies and tools have begun to develop especially dynamically in recent times. New information technologies have made it possible today to create a whole range of necessary instrumental means for implementing protection mechanisms. Here, instrumental means will be understood as software, hardware, and software-hardware means, the functional content of which allows for the effective solution of the set tasks of information protection. The modern market offers a fairly wide range of technical means of network security control, the main ones of which are presented in Fig. 6.
The implementation of mechanisms for protecting against attacks in modern networks is provided by firewalls (FW). This class of tools analyzes all incoming and outgoing traffic, compares it with the data of the database of typical attacks and security rules settings, and only then sends it to the recipient. Attack attempts from both the external network and the local network are logged. The firewall is configured and managed from the network administrator's workstation. In this area, we can note the effective developments of the Network-1 company (multiprotocol firewall/Plus) and the Netroad company (with a built-in IPX/IP gateway).

Security audit systems for server platforms help to automate the process of configuring the OS. For example, the OmniGuard/Enterprise Security Manager system from Axent is designed to analyze and control the security level of heterogeneous Netware, Windows NT, and Unix networks. The main purpose of the system is to search for vulnerabilities in current OS settings that can be used by an intruder to obtain unauthorized data. The system automatically analyzes network settings and monitors changes that have occurred since the previous analysis.

The main disadvantage of classic audit systems is that a certain amount of time passes between the recording of an event and its analysis. Real-time security audit systems, such as Axent's OmniGuard/Enterprise Security Manager, operate on a fundamentally different scheme. The main purpose of such systems is effective, round-the-clock and year-round monitoring of network security and audit in real time.

It is known that most attacks are associated with their users. Therefore, protection of workstations from unauthorized access (NSD), with functions for delimiting rights and logging user actions and with antivirus protection, is a necessary element of ensuring comprehensive security.
Among modern means of protection from unauthorized access (NSD), one can note the software and hardware complex Dallas Lock for Administrator using electronic identifiers iButton (Touch Memory) or Proximity cards. The same complex performs configuration and management, protocol analysis, viewing of workstation screens and much more.

As a rule, modern tools are built on the basis of software and hardware technologies. Currently, tools are most widely used in the following areas: test generation, threat simulation, program text analysis.

The methods of using test generators are quite well developed and are widely used in testing the functionality of information systems (IS). Generators of stochastic tests are effectively used, first of all, in the study of the quality and reliability of the functioning of the information system. In the application to the analysis of information technology (IT) security, targeted test generators are more convenient. In addition to testing functional security mechanisms, the area of application of test generators is also the analysis of program texts for detection of undeclared capabilities and embedded elements.

Threat simulators are intended for full-scale modeling of the impact of typical threats on IT. Threat simulators are used to test mechanisms against software viruses, screening means against penetration from external computer networks, etc.

The most complex area of application of instrumental means is the study of undeclared IT capabilities, the search for embedded devices and the analysis of vulnerabilities in software. Static and dynamic analyzers are used to automate the study of program source texts.
Static analyzers are designed to assess the correctness of the program's structure, identify sections of program code that are never referenced, establish entry and exit points from programs that are not provided for in specifications, check the completeness of the description and use of program variables, and search for special program constructs that can be identified as software implants (program bookmarks).

Dynamic analyzers are used to trace program execution, identify critical paths, and assess the completeness of coverage of possible program branches during functional testing.

Creating source code analyzers of programs is a complex task. Experience in using program analyzers has shown their exceptionally high efficiency. The time required to analyze programs is reduced by almost an order of magnitude, the results of the analysis are documented, which ensures their control and, if necessary, repetition.

Constant changes in the network status (emergence of new workstations, reconfiguration of their software, etc.) can lead to the emergence of new threats and vulnerabilities in the security system. In this regard, it is especially important to identify them in a timely manner and make changes to the corresponding settings of the complex and its subsystems (including the security subsystem). Special means of analyzing its security can help in this case. They allow you to quickly check tens and hundreds of geographically dispersed network nodes. At the same time, they not only identify most threats and vulnerabilities of the information system, but also offer recommendations to the security administrator on how to eliminate them. Such software (SW), called a security scanner, essentially reproduces the actions of a hacker, simulating all sorts of attacks on network resources and identifying vulnerabilities in the tested system before the hacker discovers them.
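The static-analyzer checks described above (code that is never addressed, entry points not provided for in the specification, variables that are assigned but not used) are shown here as an added example that is not part of the original article. The sample program, its function names and the `declared_entries` specification are constructed for illustration.

```python
import ast
from collections import deque

# Constructed sample program: "main" is the only entry point in the specification.
SAMPLE = '''
def main():
    return load()
def load():
    return parse()
def parse():
    token = 1          # assigned, never read
    result = 2
    return result
def debug_shell():     # not in the specification, called by nothing
    return helper()
def helper():
    return 0
'''

def analyze(source, declared_entries):
    """Report unaddressed code, undeclared entry points and unused variables."""
    tree = ast.parse(source)
    funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    # Call graph restricted to functions defined in this module.
    calls = {name: {c.func.id for c in ast.walk(node)
                    if isinstance(c, ast.Call) and isinstance(c.func, ast.Name)
                    and c.func.id in funcs}
             for name, node in funcs.items()}
    # Breadth-first walk from the entry points the specification declares.
    reachable, queue = set(), deque(e for e in declared_entries if e in funcs)
    while queue:
        name = queue.popleft()
        if name not in reachable:
            reachable.add(name)
            queue.extend(calls[name] - reachable)
    called = set().union(*calls.values())
    unused = {}
    for name, node in funcs.items():
        names = [n for n in ast.walk(node) if isinstance(n, ast.Name)]
        stored = {n.id for n in names if isinstance(n.ctx, ast.Store)}
        loaded = {n.id for n in names if isinstance(n.ctx, ast.Load)}
        if stored - loaded:
            unused[name] = sorted(stored - loaded)
    return {
        "unaddressed": sorted(set(funcs) - reachable),
        "undeclared_entries": sorted(set(funcs) - called - set(declared_entries)),
        "unused_variables": unused,
    }
```

Calling `analyze(SAMPLE, {"main"})` reports `debug_shell` and `helper` as unaddressed, `debug_shell` as an entry point outside the specification, and `token` as an unused variable in `parse`.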
It should be noted that most of the network protection tools discussed above are of foreign origin and, as a rule, cannot be used to protect state secrets. In this regard, active work is currently underway to create domestic network protection tools. At present, the Russian market in the area of network protection is still developing. However, three main fragments of the network protection market can already be distinguished: firewalls, network analysis tools, and universal tools for organizing VPNs (virtual private networks). Considering that the last market fragment is of the greatest interest and, as a rule, contains the tools of the two previous ones, Table 3 presents the main features of VPN tools and solutions.

Table 3. Main features of VPN tools and solutions

Thus, at present, software and hardware tools are very effective and promising for use in computer networks. The use of modern achievements allows us to ensure the required level of security, but for this it is necessary to fulfill a number of conditions, including ensuring a systematic approach, continuity of control, continuous improvement of the security system, and the use of certified security tools. Table 4 lists the main FAPSI-certified information security tools.

Table 4. FAPSI-certified information security tools
READ THE CONTINUATION OF THE ARTICLE IN THE NEXT ISSUE