Plan:
Introduction……………………………………………………………………………….…..3
1. The concept of anti-virus information protection tools…………...…5
2. Classification of anti-virus programs……………………...…….6
2.1 Scanners……………………………………………………….…6
2.2 CRC scanners…………………………………………………..…..7
2.3 Blockers……………………………………………………..8
2.4 Immunizers…………………………….………………….…9
3. Main functions of the most common antiviruses…..10
3.1 Antivirus Dr. Web…………………………………………...…10
3.2 Kaspersky Anti-Virus……………………………………...10
3.3 Antivirus Antiviral Toolkit Pro……………………………12
3.4Norton AntiVirus 2000……………………………………………………13
Conclusion………………………………………………………………………………….15
List of references………………………………………………………...16
Introduction.
Information security means are a set of engineering, technical, electrical, electronic, optical and other devices and devices, instruments and technical systems, as well as other material elements used to solve various tasks on information protection, including preventing leaks and ensuring the security of protected information.
In general, the means of ensuring information security in terms of preventing intentional actions, depending on the method of implementation, can be divided into groups:
1) Technical (hardware) means. These are devices of various types (mechanical, electromechanical, electronic, etc.), which use hardware to solve information security problems. They either prevent physical penetration, or, if penetration does occur, access to information, including through its masking. The first part of the problem is solved by locks, bars on windows, watchmen, security alarms, etc. The second part is solved by noise generators, surge protectors, scanning radios and many other devices that “block” potential channels of information leakage or allow them to be detected. Advantages technical means associated with their reliability, independence from subjective factors, and high resistance to modification. Weak sides- insufficient flexibility, relatively large volume and weight, high cost;
2) Software tools include programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the security system, etc. The advantages of software tools are versatility, flexibility, reliability, ease of installation, ability to modify and development. Disadvantages - limited functionality of the network, use of part of the resources of the file server and workstations, high sensitivity to accidental or intentional changes, possible dependence on the types of computers (their hardware);
3) Mixed hardware and software implement the same functions as hardware and software separately, and have intermediate properties;
4) Organizational means consist of organizational and technical (preparing premises with computers, laying a cable system, taking into account the requirements for limiting access to it, etc.) and organizational and legal (national legislation and work rules established by the management of a particular enterprise). The advantages of organizational tools are that they allow you to solve many different problems, are easy to implement, quickly respond to unwanted actions on the network, and have unlimited possibilities for modification and development. Disadvantages - high dependence on subjective factors, including general organization work in a specific department.
In my work I will consider one of the software tools for information protection - antivirus programs. So, the purpose of my work is to analyze anti-virus information security tools. Achieving the set goal is mediated by solving the following tasks:
1) Studying the concept of anti-virus information security tools;
2) Consideration of the classification of anti-virus information protection tools;
3) Familiarization with the basic functions of the most popular antiviruses.
1. The concept of anti-virus information protection tools.
Anti-virus program (antivirus) - a program for detecting computer viruses, as well as unwanted (considered malicious) programs in general, and restoring files infected (modified) by such programs, as well as for prevention - preventing infection (modification) of files or operating system malicious code (for example, using vaccination).
Antivirus software consists of routines that attempt to detect, prevent, and remove computer viruses and other malicious software.
2. Classification of antivirus programs.
Antivirus programs are the most effective in fighting computer viruses. However, I would like to immediately note that there are no antiviruses that guarantee one hundred percent protection against viruses, and statements about the existence of such systems can be regarded as either false advertising or unprofessionalism. Such systems do not exist, since for any antivirus algorithm it is always possible to propose a counter-algorithm for a virus that is invisible to this antivirus (the reverse, fortunately, is also true: for any virus algorithm it is always possible to create an antivirus).
The most popular and effective antivirus programs are antivirus scanners (other names: phage, polyphage, doctor program). Following them in terms of efficiency and popularity are CRC scanners (also: auditor, checksumer, integritychecker). Often both of these methods are combined into one universal antivirus program, which significantly increases its power. Also applicable various types blockers and immunizers.
2.1 Scanners.
The operating principle of anti-virus scanners is based on checking files, sectors and system memory and searching them for known and new (unknown to the scanner) viruses. To search for known viruses, so-called “masks” are used. The mask of a virus is some constant sequence of code specific to this particular virus. If the virus does not contain a permanent mask, or the length of this mask is not long enough, then other methods are used. An example of such a method is an algorithmic language that describes everything possible options codes that may be encountered during infection similar type virus. This approach is used by some antiviruses to detect polymorphic viruses. Scanners can also be divided into two categories - “universal” and “specialized”. Universal scanners are designed to search for and neutralize all types of viruses, regardless of the operating system in which the scanner is designed to work. Specialized scanners are designed to neutralize a limited number of viruses or only one class of viruses, for example macro viruses. Specialized scanners designed only for macro viruses often turn out to be the most convenient and reliable solution for protecting document management systems in MSWord and MSExcel environments.
Scanners are also divided into “resident” (monitors, guards), which perform on-the-fly scanning, and “non-resident”, which scan the system only upon request. As a rule, “resident” scanners provide more reliable protection systems, since they immediately respond to the appearance of a virus, while a “non-resident” scanner is able to identify the virus only during its next launch. On the other hand, a resident scanner can somewhat slow down the computer, including due to possible false positives.
The advantages of scanners of all types include their versatility; the disadvantages are the relatively low speed of virus scanning. The most common programs in Russia are: AVP - Kaspersky, Dr.Weber - Danilov, NortonAntivirus from Semantic.
2.2 CRC -scanners.
The operating principle of CRC scanners is based on calculating CRC sums (checksums) for files/system sectors present on the disk. These CRC sums are then stored in the antivirus database, as well as some other information: file lengths, dates of their last modification, etc. When subsequently launched, CRC scanners compare the data contained in the database with the actual calculated values. If the file information recorded in the database does not match the real values, then CRC scanners signal that the file has been modified or infected with a virus. CRC scanners using anti-stealth algorithms are quite a powerful weapon against viruses: almost 100% of viruses are detected almost immediately after they appear on the computer. However, this type of antivirus has an inherent flaw that significantly reduces their effectiveness. This disadvantage is that CRC scanners are not able to catch a virus at the moment it appears in the system, but do this only some time later, after the virus has spread throughout the computer. CRC scanners cannot detect a virus in new files (in email, on floppy disks, in files restored from a backup or when unpacking files from an archive), because their databases do not contain information about these files. Moreover, viruses periodically appear that take advantage of this “weakness” of CRC scanners, infecting only newly created files and thus remaining invisible to them. The most used programs of this kind in Russia are ADINF and AVPInspector.
2.3 Blockers.
Anti-virus blockers are resident programs that intercept “virus-dangerous” situations and notify the user about it. “Virus-dangerous” include calls to open for writing to executable files, writing to boot sectors of disks or the MBR of a hard drive, attempts by programs to remain resident, etc., that is, calls that are typical for viruses at the moment of reproduction. Sometimes some blocker functions are implemented in resident scanners.
The advantages of blockers include their ability to detect and stop a virus at the earliest stage of its reproduction, which, by the way, can be very useful in cases where a long-known virus constantly “creeps out of nowhere.” The disadvantages include the existence of ways to bypass the protection of blockers and a large number of false positives, which, apparently, was the reason for the almost complete refusal of users of this kind of anti-virus programs (for example, not a single blocker for Windows95/NT is known - there is no demand, no supply ).
It is also necessary to note such a direction of anti-virus tools as anti-virus blockers, made in the form of computer hardware components (“hardware”). The most common is the write protection built into the BIOS in the MBR of the hard drive. However, as in the case of software blockers, such protection can be easily bypassed by direct writing to the disk controller ports, and launching the DOS utility FDISK immediately causes a “false positive” of the protection.
There are several more universal hardware blockers, but in addition to the disadvantages listed above, there are also problems of compatibility with standard computer configurations and complexity in installing and configuring them. All this makes hardware blockers extremely unpopular compared to other types of antivirus protection.
2.4 Immunizers.
Immunizers are programs that write codes into other programs that report infection. They usually write these codes at the end of files (similar to a file virus) and check the file for changes every time they run it. They have only one drawback, but it is lethal: the absolute inability to report infection with a stealth virus. Therefore, such immunizers, like blockers, are practically not used at present. In addition, many programs developed recently check themselves for integrity and can mistake the codes embedded in them for viruses and refuse to work.
3. Basic functions of the most common antiviruses.
3.1 Antivirus Dr. Web.
Dr. Web is an old and deservedly popular antivirus in Russia, which has been helping users fight viruses for several years. New versions of the program (DrWeb32) work on several operating systems, protecting users from more than 17,000 viruses.
The set of functions is quite standard for an antivirus - scanning files (including those compressed with special programs and archived), memory, boot sectors of hard drives and floppy disks. Trojans, as a rule, cannot be cured but removed. Unfortunately, email formats are not checked, so it is impossible to know immediately after receiving an email whether the attachment contains a virus. The attachment will have to be saved to disk and checked separately. However, the resident monitor "Spider Guard" supplied with the program allows you to solve this problem on the fly.
Dr. Web is one of the first programs to implement heuristic analysis, which allows you to detect viruses that are not included in the anti-virus database. The analyzer detects virus-like instructions in a program and marks such a program as suspicious. The anti-virus database is updated via the Internet with one click of a button. The free version of the program does not perform heuristic analysis and does not disinfect files.
3.2 Kaspersky Anti-Virus.
Inspector monitors all changes in your computer and, if unauthorized changes are detected in files or in the system registry, allows you to restore the contents of the disk and remove malicious codes. Inspector does not require updates to the anti-virus database: integrity control is carried out based on taking original file fingerprints (CRC sums) and their subsequent comparison with modified files. Unlike other inspectors, Inspector supports all the most popular executable file formats.
The heuristic analyzer makes it possible to protect your computer even from unknown viruses.
The Monitor background virus interceptor, which is constantly present in the computer's memory, conducts an anti-virus scan of all files immediately at the time they are launched, created or copied, which allows you to control all file operations and prevent infection by even the most technologically advanced viruses.
Anti-virus email filtering prevents viruses from entering your computer. The Mail Checker plug-in not only removes viruses from the body of an email, but also completely restores the original content of emails. A comprehensive scan of email correspondence does not allow a virus to hide in any element of an email by scanning all areas of incoming and outgoing messages, including attached files (including archived and packaged ones) and other messages of any nesting level.
The Scanner antivirus scanner makes it possible to conduct a full-scale scan of all content of local and network drives on demand.
The Script Checker script virus interceptor provides anti-virus scanning of all running scripts before they are executed.
Support for archived and compressed files provides the ability to remove malicious code from an infected compressed file.
Isolation of infected objects ensures the isolation of infected and suspicious objects and their subsequent movement to a specially organized directory for further analysis and recovery.
Automation of anti-virus protection allows you to create a schedule and order of operation of program components; automatically download and connect new anti-virus database updates via the Internet; send warnings about detected virus attacks by email, etc.
3.3 Antivirus Antiviral Toolkit Pro.
Antiviral Toolkit Pro is a Russian product that has earned popularity abroad and in Russia due to its extensive capabilities and high reliability. There are versions of the program for most popular operating systems; the anti-virus database contains about 34,000 viruses.
There are several delivery options - AVP Lite, AVP Gold, AVP Platinum. The most complete version comes with three products - a scanner, a resident monitor and a control center. The scanner allows you to check files and memory for viruses and Trojans. This scans packaged programs, archives, and email databases ( Outlook folders etc.) and a heuristic analysis is carried out to search for new viruses not included in the database. The monitor "on the fly" checks every opened file for viruses and warns about virus danger, while simultaneously blocking access to the infected file. The Control Center allows you to schedule anti-virus scans and update databases via the Internet. IN demo version There is no possibility of disinfecting infected objects, checking packed and archived files, or heuristic analysis.
3.4 Norton AntiVirus 2000.
Norton AntiVirus is based on another popular product - AtGuard (@guard) personal firewall from WRQ Soft. As a result of applying the technological power of Symantec to it, the result is an integrated product with significantly expanded functionality. The core of the system is still the firewall. It works very effectively without configuration, practically without interfering with everyday use of the network, but blocking attempts to reboot or freeze the computer, gain access to files and printers, or establish communication with Trojan programs on the computer.
Norton AntiVirus is the only firewall reviewed that implements the capabilities of this method of protection 100%. All types of packets traveling over the network are filtered, incl. service (ICMP), rules for the operation of the firewall can take into account which application is working with the network, what kind of data is transferred and to which computer, at what time of day this happens.
To preserve confidential data, a firewall can block email addresses, browser types, and cookies from being sent to web servers. The Confidential Information Filter warns about an attempt to send unencrypted information to the network that the user has entered and marked as confidential.
Active content on web pages (Java applets, scripts, etc.) can also be blocked using Norton AntiVirus - the content filter can cut unsafe elements from the text of web pages before they reach the browser.
As an additional service not directly related to security issues, Norton AntiVirus offers a very convenient filter advertising banners(those annoying pictures are simply cut out of the page, which speeds up its loading), as well as the system parental controls. By prohibiting visiting certain categories of sites and launching certain types of Internet applications, you can be fairly calm about the network content that is accessible to children.
In addition to the firewall capabilities, Norton AntiVirus offers the user the protection of the Norton Antivirus program. This popular antivirus application with regularly updated antivirus databases allows you to quite reliably detect viruses on the most early stages their appearance. All files downloaded from the network, files attached to email, and active elements of web pages are scanned for viruses. In addition, Norton Antivirus has an anti-virus scanner and monitor that provide system-wide protection against viruses without being tied to network access.
Conclusion:
Getting acquainted with the literature, I achieved my goal and made the following conclusions:
1) Anti-virus program (antivirus) - a program for detecting computer viruses, as well as unwanted (considered malicious) programs in general, and restoring files infected (modified) by such programs, as well as for prevention - preventing infection (modification) of files or the operating system with malicious code (for example, through vaccination);
2) there are no antiviruses that guarantee 100% protection against viruses;
3) The most popular and effective antivirus programs are antivirus scanners (other names: phage, polyphage, doctor program). Following them in terms of efficiency and popularity are CRC scanners (also: auditor, checksumer, integritychecker). Often both of these methods are combined into one universal antivirus program, which significantly increases its power. Various types of blockers and immunizers are also used.
Bibliography:
1) Proskurin V.G. Software and hardware for information security. Protection in operating systems. –Moscow: Radio and Communications, 2000;
2) http://ru.wikipedia.org/wiki/Anti-virus_program;
3) www.kasperski.ru;
4) http://www.symantec.com/sabu/nis;
Information protection, antivirus protection
Humans tend to make mistakes. Any technical device is also subject to failures, breakdowns, and interference. An error can occur when implementing any information process. There is a high probability of errors when encoding information, processing and transmitting it. The result of an error may be the loss of necessary data, acceptance wrong decision, emergency situation.
Stored, transmitted and processed in society great amount information and this is partly why the modern world is very fragile, interconnected and interdependent. Information circulating in control and communication systems can cause large-scale accidents, military conflicts, and disruption of activities scientific centers and laboratories, the ruin of banks and commercial organizations. Therefore, information must be able to be protected from distortion, loss, leakage, and illegal use.
Example. In 1983, there was a flood in the southwestern United States. The cause was a computer that had been fed incorrect weather data, causing it to send an erroneous signal to the floodgates blocking the Colorado River.
Example. In 1971, 352 cars disappeared from the New York Railroad. The criminal used information from the computer center that manages the work railway, and changed the destination addresses of the cars. The damage caused amounted to more than a million dollars.
Development industrial production, brought a huge amount of new knowledge, and at the same time there was a desire to keep some of this knowledge from competitors and protect it. Information has long become a product and commodity that can be bought, sold, or exchanged for something else. Like any product, it requires application special methods to ensure safety.
In computer science, the main types of information protection when working on a computer and in telecommunication networks are considered to the greatest extent.
Computers- This technical devices for fast and accurate (error-free) processing large volumes information itself different types. But, despite the constant improvement in the reliability of their work, they can fail and break down, like any other device created by man. Software is also created by fallible people.
Designers and developers of hardware and software We make great efforts to ensure the protection of information:
From equipment failures;
From accidental loss or distortion of information stored on a computer;
From intentional distortion produced, for example, by computer viruses;
From unauthorized (illegal) access to information (its use, modification, distribution).
To the numerous, far from harmless computer errors, computer crime has also been added, threatening to develop into a problem, the economic, political and military consequences of which could be catastrophic.
When protecting information from equipment failures, they are used the following main methods:
Periodic archiving of programs and data. Moreover, the word “archiving” means both the creation of a simple backup copy and the creation of a copy with preliminary compression (compression) of information. In the latter case, use special programs-archivers (Arj, Rar, Zip, etc.);
Automatic file backup. If the user himself must take care of archiving, then when using automatic backup programs, the command to save any file is automatically duplicated and the file is saved on two autonomous media (for example, on two hard drives). Failure of one of them does not lead to loss of information. File backup is widely used, particularly in banking.
Protection against accidental loss or corruption of information stored on a computer comes down to the following methods:
automatic request for confirmation of a command that changes the contents of a file. If you want to delete a file or place a new file under the name of an existing one, a dialog box will appear on the display screen asking you to confirm the command or cancel it;
setting special document attributes. For example, many editor programs allow you to make a document read-only or hide a file by making its name unavailable in file management programs;
the ability to undo recent actions. If you are editing a document, you can use the undo function of the last action or group of actions, available in all modern editors. If you mistakenly deleted required file, then special programs allow you to restore it, however, only in the case when you did not have time to write anything over remote file;
differentiation of user access to file system resources, strict separation of system and user modes of operation of the computer system.
Protection of information from intentional distortion often also called protection against vandalism.
The problem of vandalism lies in the emergence of such disasters as computer viruses and computer worms. Both of these terms were invented more to attract public attention to the problem, and not to designate certain techniques of vandalism.
Computer virus is a specially written small fragment of a program that can be attached to other programs (files) on a computer system. For example, a virus can insert itself at the beginning of a program, so that every time that program is executed, the virus will be the first to be activated. During execution, the virus can perform deliberate damage, which immediately becomes noticeable, or simply look for other programs to which it can attach copies of itself. If an "infected" program is transferred to another computer via a network or floppy disk, the virus will begin infecting programs on the new machine as soon as the transferred program is launched. This is how the virus spreads from machine to machine. In some cases, viruses slowly spread to other programs and do not manifest themselves until a certain event occurs, for example, a given date, from which they will “destroy” everything around them. There are many types of computer viruses. Among them there are both invisible and self-modifying ones.
Term "worm" usually refers to a stand-alone program that copies itself throughout the network, residing on different machines. Like viruses, these programs can be designed to replicate themselves and to carry out “sabotage.”
To protect against viruses can be used:
General methods of information protection, which are also useful as insurance against physical damage to disks, malfunctioning programs or erroneous user actions;
Preventive measures to reduce the likelihood of contracting the virus;
Specialized anti-virus programs.
Many methods of protecting information from unauthorized (illegal) access arose long before the advent of computers.
One such method is encryption.
The problem of protecting information by transforming it to prevent it from being read by an outsider has worried the human mind since ancient times. The history of cryptology (kryptos - secret, logos - science) is the same age as the history of human language. Moreover, writing itself was at first a cryptographic system, since in ancient societies only a select few mastered it. Holy books Ancient Egypt Ancient India is an example of this. Cryptology is divided into two areas - cryptography and cryptanalysis. The goals of these directions are directly opposite. Cryptography deals with the search and research of methods for encrypting information. It makes it possible to transform information in such a way that its reading (recovery) is possible only if the key is known. The area of interest of cryptanalysis is the study of the possibilities of decrypting information without knowing the keys.
Key- information necessary for smooth encryption and decryption of text.
The first cryptographic systems are found already at the beginning of our era. Thus, Caesar in his correspondence already used a cipher that received his name. Cryptographic systems developed rapidly during the years of the First and Second World Wars. Appearance computer technology accelerated the development and improvement of cryptographic methods.
The main areas of use of these methods are the transfer of confidential information through communication channels (for example, via e-mail), establishing the authenticity of transmitted messages, storing information (documents, databases) on media in encrypted form.
The problem of using cryptographic methods in modern information systems is now becoming especially relevant. On the one hand, the use of telecommunication networks has expanded, through which large volumes of information of a state, commercial, military and private nature are transmitted, preventing unauthorized persons from accessing it. On the other hand, the emergence of new powerful hardware and software, effective decryption technologies has reduced reliability cryptographic systems, which until recently were considered practically unbreakable.
To others possible method protecting information from unauthorized access is use of passwords.
Passwords allow you to control access to both computers and individual programs or files. Unfortunately, sometimes the password can be guessed, especially since many users use their names, the names of loved ones, and dates of birth as passwords.
There are software tools against “breaking” passwords. To combat password guessing attempts, operating systems can be designed to detect instances where someone repeatedly uses inappropriate passwords (the first sign of someone else's password being guessed). In addition, the operating system may inform each user at the beginning of his Session when last time his account was used. This method allows the user to detect instances where someone was logged into the system under their name. A more complex defense (called a trap) is to create the illusion of successful access to information for the attacker while the analysis of where the attacker came from is carried out.
One of the common forms of violation of information law is the illegal copying of programs and data, in particular those located on commercially distributed storage media.
To prevent illegal copying of files, special software and hardware are used, for example, “electronic locks” that allow you to make no more than a specified number of copies from a floppy disk, or make it possible to work with the program only if it is connected to a special connector system unit connected device (usually a chip) supplied with legal copies of programs. There are other methods of protection, in particular administrative and law enforcement.
Self-control issues
1. List the main Negative consequences working at the monitor
2. Explain the purpose of ergonomics
3. What are the strong sources? electromagnetic radiation?
List the main methods used to protect information from equipment failures.
4. What is a “Worm”?
5. What methods are used to protect against viruses?
Due to the fact that information is the subject of property (state, collective, individual), then the problem of a threat to this information inevitably arises, consisting in its uncontrolled distribution, theft, unauthorized destruction, distortion, transfer, copying, and blocking access to information. Consequently, the problem arises of protecting information from leakage and unauthorized influences on information and its media, as well as preventing other forms of illegal interference in information resources and information systems.
Currently, the main issues of information protection are regulated by the laws of the Russian Federation “On state secret”, “On information, informatization and information protection”, “On security”, “On communications”, “Regulations on state licensing of activities in the field of information protection”, documents of the State Technical Commission of Russia and defense industries.
In accordance with the Federal Law of the Russian Federation dated July 27, 2006 No. 149-FZ “On information, information technology and on information protection" data protection represents the adoption of legal, organizational and technical measures aimed at:
- - ensuring the protection of information from unauthorized access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions in relation to such information;
- - maintaining the confidentiality of restricted access information;
- - implementation of the right to access information.
Information protection can be built in three directions (Fig. 148):
Rice. 148.
Protecting information from unintentional impact- activities to prevent the impact of user errors on protected information, failure of hardware and software of information systems, natural phenomena or other unintended actions leading to distortion, destruction, copying, blocking access to information, as well as loss, destruction or malfunction of the information carrier.
Protection against hardware and software failures comes down to installing reliable, licensed software, primarily the operating system, regularly running diagnostic programs, and periodically archiving information. Due to the possibility of information loss due to power failures, it is recommended to use uninterruptible power supplies.
Protection against incorrect user actions implies differentiation of access rights, prohibiting the installation of third-party programs (parental control).
Protection of information from unauthorized influence- activities aimed at preventing the impact on protected information in violation of established rights and/or rules for changing information, leading to its distortion, destruction, copying, blocking of access, as well as loss, destruction or failure of the functioning of the information carrier.
Defence from external influences is to prevent network attacks, loss of confidential information and data theft both through the network and through external media. To protect your computer from attacks over the network, a software and hardware tool called firewall, firewall or firewall(English, firewall). A firewall is a piece of software or hardware that inspects data entering over the Internet or network and, depending on the firewall settings, blocks it or allows it to enter the computer.
In order to prevent the loss of confidential information, it is customary to use user identification and authentication systems. The general algorithm for the operation of such systems comes down to receiving information from the user (login and password), checking it for authenticity, and then providing (or not providing) access to the system. However, the weakest link in such a defense system is the person. The following cases look most realistic:
The password you wrote down was found by an attacker;
the password was stolen by an attacker when it was entered by a legitimate user;
an attacker gained access to the security system database.
In the Help System and Windows support Table 7 shows the following characteristics of strong passwords and passphrases (Table 32).
Table 32. Signs of strong passwords and passphrases
|
Strong password: |
Strong passphrase: |
|
|
A password or passphrase that meets all of the conditions described above may still be weak. For example, HiPeoples meets all reliability requirements, but is unreliable because it contains the full word. Hi Рс0р7е$! more reliable than the previous one, since some letters in the word are replaced by numbers and, in addition, the password contains spaces.
To learn how to remember strong passwords and passphrases, Microsoft recommends:
- - create an abbreviation from an easy-to-remember phrase. For example, a phrase that is meaningful to you, such as “my son was born on June 15, 1980.” Using this phrase, you can come up with the password msr15jun80g as a hint;
- - replace letters or words in an easy-to-remember phrase with numbers, signs, and spelling errors. For example, based on the phrase “my son was born on June 15, 1980,” you can create a secure passphrase my SuHb r0d1lsb 0891;
- - passwords and passphrases can be associated with your favorite sport or hobby. For example, “I like to ride a motorcycle” can be remade into MnNrAuNsya8i2iO811600kt
Media protection is implemented by encoding disk data when it is not possible to restrict user access to storage media. An example is a software product such as Secret Disk Server NG, which is designed to protect corporate confidential information (databases, file archives, business applications and their data) stored and processed on servers and workstations. The program not only reliably protects confidential data, but also hides its presence on the server. Secret Disk Server NG provides data protection on hard and removable drives using the “transparent” encryption method, which consists in the fact that the user writes a document prepared in a text editor to the protected disk, and the protection system encrypts it during the recording process.
Protecting information from leakage- activities to prevent the uncontrolled dissemination of protected information from its disclosure, unauthorized access to protected information and from the receipt of protected information by intelligence services.
Protection against accidental losses is implemented quite simply using a regularly executed scheme of complete Reserve copy systems. If a user accidentally destroys data, if a hardware failure occurs, or if some program simply destroys the data, it is possible to restore the files from the backup media.
Virus protection. One of the most important components in an information security system is protection against computer viruses. Computer virus- a program created and used to cause any harm or achieve other illegal and harmful effects for users of personal computers and owners information resources goals. Essentially, a virus is a program code that can infiltrate existing files.
A common viral cold infection spreads among people, a computer virus also tends to multiply, only it moves from file to file and from computer to computer. Just as a regular viral infection can have irreparable effects on a person, a computer virus can be programmed to destroy and damage data.
On the website of one of the most famous companies in Russia, namely Kaspersky Lab, which produces anti-malware systems, located at www.kaspersky.ru, the symptoms of a computer infection with viruses and malware are identified. Among them are the following signs:
- - increase in outgoing Internet traffic;
- - frequent freezes and crashes in the computer;
- - programs start unexpectedly;
- - your personal firewall reports that a certain application is trying to connect to the Internet, although you did not launch this program;
- - your friends receive messages from you by e-mail that you did not send.
Indirect signs of infection may also include non-computer symptoms. For example, bills for phone calls or SMS messages that actually did not exist. This may indicate that on the computer or in mobile phone a “telephone Trojan” has appeared. If cases of unauthorized access to a personal bank account or facts of using a credit card are recorded, this may be a signal of spyware embedded in the system.
There is no single system for classifying virus programs; we can only highlight several, such as:
- - classification according to the method of infection;
- - classification by habitat;
- - classification by degree of impact;
- - classification according to the method of camouflage.
IN Depending on the nature of the areas where viruses are introduced, you can classify By the following habitats(Fig. 149):
Rice. 149.
File viruses infect executable files and dynamic library files (most often such files have the extensions .exe, .com, .dll, .sys).
Boot viruses infect boot sectors of storage devices, in particular hard drives.
Macro viruses infect document files that the user works with, most often files created in Microsoft applications Office. Macro is a sequence of commands designed to automate the work of a user working, for example, in the Word text editor. A macro written by an attacker can disrupt the correct operation of applications.
IN dependencies on the method of infection viruses can be classified as follows (Fig. 150):
Rice. 150.
Resident viruses after booting the computer are in random access memory and intercept operating system calls to files or boot sectors and inject themselves into them.
Non-resident viruses do not infect the computer’s memory and are active for a limited time.
Depending on the degree of impact viruses can be classified into the infected object as follows (Fig. 151):
Rice. 151.
Harmless viruses do not affect work personal computer however, the amount of disk space may be reduced.
Non-dangerous viruses do not affect the operation of a personal computer, however, due to their operation, the amount of RAM and/or disk space may be reduced, in addition, graphic and sound effects may occur.
Dangerous viruses lead to problems with the computer.
Very dangerous viruses lead to loss of information and destruction of data.
Classification by method of camouflage shown in Fig. 152. The camouflage process itself consists in the fact that viruses try to self-modify, i.e. hide from detection. Since the virus itself is a program, modifying the parameters of its code, especially its starting part, does not allow decoding the remaining commands of the virus.
Rice. 152.
Encryption- this technology is that functionally the virus consists of two parts: the virus itself and the encoder. Each copy of the virus consists of an encryptor, a random key, and the virus itself, encrypted with this key.
Metamorphism- it is based on the technology of rearranging various sections of the virus code, inserting meaningless commands between significant sections of code.
Polymorphism consists in the formation of new procedures that form the virus code, changing with each infection. When infecting files, the virus code is encrypted each time using random passwords.
However, besides viruses, there are also so-called malware, the purpose of which is to implement an influence aimed at causing harm to the owner of the information, including keyloggers, fraudulent software, adware, worms, Trojans, etc. Let us characterize some of them.
Keyloggers track keystrokes on the keyboard, collect confidential information (passwords, PIN codes, etc.), track email addresses and send the collected data to the attacker.
TO fraudulent software include a process called phishing, which is aimed at collecting personal data related to financial information of, say, a bank client. By creating a fake bank website, attackers can ask the client for a login, password, or PIN code to access his personal data and conduct financial transactions that involve stealing funds.
Advertising programs which are often embedded in trial versions of programs, can redirect the user to sites with paid information or to adult sites. Accordingly, such actions will lead to an increase in Internet traffic.
Worm programs. They get their name due to the fact that they have the ability to penetrate one computer, and then are ready to “crawl” (move) to other computers. Such programs usually penetrate the network and send themselves to other network nodes, but not with the goal of infecting computers, but to multiply their copies.
Trojans disguise themselves as regular programs, however, when launched, they perform malicious actions without the user’s knowledge. Thus, seeing, for example, a program file with interesting name and by opening it to satisfy curiosity, the user activates the Trojan program. The functions of such programs are theft of user personal information, such as passwords, and tracking user actions. Trojan programs do not spread on their own, this is their difference from worm programs, so the user himself is to blame for activating such programs.
- 1. For what reasons does the problem of information threat arise?
- 2. What laws regulate information security issues?
- 3. List the measures that can be aimed at protecting information.
- 4. Name three areas along which information security can be built. Give them a brief description.
- 5. What do you think is protection against hardware and software failures?
- 6. What is a firewall?
- 7. For what purposes are user identification and authentication systems used? What is the algorithm for their operation?
- 8. List the characteristics of strong passwords and passphrases.
- 9. What recommendations can you give for remembering passwords and passphrases?
- 10. How can information be protected from leakage?
- 11. Define a computer virus.
- 12. What symptoms of a computer virus infection do you know?
- 13. Give a classification of virus programs.
- 14. Characterize file and boot viruses.
- 15. What is the role of macro viruses? What is a macro?
- 16. Explain the difference between resident and non-resident viruses.
- 17. How are viruses classified depending on the degree of impact on the infected object?
- 18. Encryption, metamorphism, polymorphism - expand on these concepts.
- 19. What is the purpose of malware?
- 20. What does the term “phishing” mean?
- 21. What is the purpose of Trojan horses?
- 22. Analyze the report of your antivirus program installed on your computer. What malicious objects are contained in the report? Present the report as a table.
Workshop
Information protection, antivirus protection
Ways to protect your computer from viruses and other security threats include:
- - use of a firewall;
- - installation of an anti-virus program;
- - constant updating of the operating system;
- - prohibition of opening email attachments.
Let's consider the above methods one by one. In the operating room Windows system 7 firewall is enabled by default. To verify this, you should run the command Start/Control Panel/Firewall Windows. The window shown in Fig. will open. 153.
Rice. 153.
There is a link on the left side of the window Turn the firewall on or off Windows. By clicking on it, we will see the window shown in Fig. 154, in which for each type of network that is available on a particular computer, you can enable/disable the firewall.
Rice. 154.
The user can allow programs to communicate through the firewall. There is a link for this Allow a program or feature to run through Windows Firewall. But since a firewall is a “shield” that protects the computer from external influences, every action the user allows will create a “hole” in the “shield”. To reduce the risk of possible hazards, do the following:
- - allow a program or open a port only if it is really necessary, and also remove programs from the exclusion list and close ports if they are no longer needed;
- - never allow unknown program communication through a firewall.
It should be borne in mind that a firewall will not protect your computer from viruses that are found in email attachments, and also, without being able to recognize the meaning of the messages themselves, will not be able to protect against fraudulent activities.
The next way to protect your computer is installation of anti-virus programs. As an example, consider the program installation process Kaspersky Anti-Virus, as one of the most popular on Russian market antivirus software.
Installation of a program that starts immediately after insertion CD into the drive, will cause a window to appear Installation wizard.
After reading the terms of the license agreement, click the button I agree. Next, the program will offer to activate the commercial version of the product, for which the user must enter the activation code from the activation card, which is included in the boxed version of the program. A similar situation is shown in Fig. 155.
Rice. 155.
Next you need to fill out the form feedback, in which you need to enter your email address, name and click a button Further. After a few seconds, a message indicating successful activation of the software product appears on the screen. At this point the installation process is completed, the user just has to click on the button Complete.
After installation is complete, Kaspersky Anti-Virus is available at Start/All Programs/Kaspersky Anti-Virus. In order to check your computer for viruses, you should run the program. The window shown in Fig. 156.
Rice. 156.
At the bottom of the window click on the link Examination and select the item Full check. The following objects will be checked: system memory, objects executed when the operating system boots, system backup storage, mail databases, hard, removable and network drives. Another point - Checking Important Areas designed to check objects that are loaded when the operating system starts.
It is also recommended to check your computer for vulnerabilities, which are understood as anomalies and damage in the operating system and browser settings. Security diagnostics are carried out in many areas: for example, searching for Rootkit (programs for hidden control of a hacked system), searching for vulnerable services, parameters, collecting information about processes, drivers, etc.
After diagnostics are carried out, which takes a short period of time, the user receives a message in the form of a window Search for vulnerabilities, shown in Fig. 157.
All vulnerabilities found on a computer receive a certain status, such as Recommended for correction or Not necessary for correction. In order to get acquainted with the problem that has arisen, you should click the button Details. An Internet connection will be made to the developer’s website (Kaspersky Lab), where the danger rating, cause, description, rollback option (return to the previous action), and consequences of correcting the found vulnerability will be determined.
Rice. 157.
A registered user receives hourly database updates, can download updates for installed products for free and contact the service technical support. Program updates can be installed according to the user's schedule using the item Setting, however, with a high-speed Internet connection and a good computer hardware platform, this is not necessary. It is better if updates are installed automatically; this process will not affect the performance of the computer in any way.
The next way to protect your computer from viruses and other security threats is constant updating of the operating system. The organization of software updates was discussed in the workshop in paragraph 1.4.
Another measure to protect your computer from viruses and other threats is prohibiting opening email attachments. Many viruses are contained in email attachments and begin to spread as soon as the attachment is opened. Programs such as Microsoft Outlook or Windows Live can help block potentially dangerous attachments. If you receive an email containing attachments, images, or links, the user will be able to view the text of the email, but the attachments will be blocked. A similar situation is shown in Fig. 158.
Rice. 158.
After analyzing the contents of the letter, the user can select the option Show content or, if the author of the letter is well known to him, click on the link Always display the contents sent from this email address. Let's select the option Show content.
Rice. 159.
Rice. 160.
As can be seen from Fig. 160, the contents of the letter are now different from those shown in Fig. 158 - an image has appeared, in addition, any link contained in the letter is now available.
Operational requirements for a computer workstation
Workplace is considered a place of permanent or periodic stay of a worker to observe and conduct production processes or experiments.
The optimal layout of the workplace ensures convenience when performing work, saving effort and time of the worker (operator), proper use of production space, and safe working conditions.
According to GOST R 50923-96 “Displays. Operator's workplace. General ergonomic requirements and requirements for the production environment”, a workstation with a display must provide the operator with the ability to comfortably perform work in a sitting position and not create overload on the musculoskeletal system. The main elements of the operator's workplace are: desktop, work chair (chair), display, keyboard; auxiliary - music stand, footrest.
Desktop Requirements
The design of the work table should provide the ability to place on the working surface the necessary set of equipment and documents, taking into account the nature of the work being performed.
Based on their design, work tables are divided into adjustable and non-adjustable based on changes in the height of the working surface. The adjustable height of the working surface of the table should vary from 680 to 800 mm. Mechanisms for adjusting the height of the working surface of the table should be easily accessible in a sitting position, easy to control and securely fixed.
The height of the working surface of the table with a non-adjustable height should be 725 mm. The dimensions of the working surface of the table must be: depth - at least 600 (800) mm, width - at least 1200 (1600) mm. Preferred values are indicated in parentheses.
The work desk must have legroom of at least 600 mm high, at least 500 mm wide, at least 450 mm deep at knee level and at least 650 mm deep at leg level. The working surface of the table should not have sharp corners and edges.
Requirements for a work chair (chair):
- - a work chair (chair) must ensure the maintenance of a physiologically rational working posture of the operator during work, create conditions for changing posture in order to reduce static tension in the muscles of the cervical-brachial region and back, as well as to avoid impaired blood circulation in the lower extremities;
- - the work chair must be lift-swivel and adjustable in height and angles of inclination of the seat and back, as well as the distance of the back from the front edge of the seat;
- - in order to reduce static tension in the arm muscles, you should use stationary or removable armrests, adjustable in height above the seat and the internal distance between the armrests;
- - regulation of each position must be independent, easy to implement and have reliable fixation.
Display requirements:
- - the display at the operator’s workplace must be positioned so that the image in any part of it is visible without the need to raise or lower the head;
- - the display at the workplace must be installed below the operator’s eye level. The operator's viewing angle of the screen relative to the horizontal line of sight should not exceed 60°, as shown in Fig. 161.
Rice. 161.
A set of preventive measures for a computer workstation
Organization of the workplace consists of performing a set of activities, ensuring a rational and safe labor process and efficient use objects and tools, which helps to increase labor productivity and reduces worker fatigue.
The specific content of the events is:
- - in the rational layout of the workplace;
- - in creating comfortable working conditions;
- - providing the workplace with the necessary equipment.
Workplace layout The room should be designed to provide easy access for users to their work stations and to prevent workers from knocking over monitors and peripheral equipment while performing their work. functional responsibilities, as well as eliminate the possibility of injuries and accidents during operation.
Creating comfortable working conditions and the correct aesthetic design of workplaces is of great importance both for making work easier and for increasing its attractiveness, which has a positive effect on labor productivity. The painting of rooms and furniture should contribute to the creation of 244
favorable conditions for visual perception, Have a good mood. In office premises in which monotonous mental work is performed, requiring significant nervous tension and great concentration, the coloring should be calm tones - low-saturated shades of cold green or blue.
System unit and monitor cases may be unsafe for users if they are made of plastic that contains a component called triphenyl phosphate. At high temperature indoors they can cause various types of allergic reactions.
Selecting appropriate furniture (table, chair, etc.) to equip the workplace and correct position body when working on a PC will help reduce the load on the user’s musculoskeletal system.
Conducted medical and biological examinations of people who work professionally on PCs or are overly addicted to computer games, indicate the influence of the computer on the human psyche. The person becomes irritable, withdrawn, and easily excitable. This is facilitated not only by the reasons listed above, but also by the software products, their color design and sound. It is known that red color excites and can lead to increased blood pressure, while blue is calming. Thus, the color design of a program and its elements can have different effects on the psycho-emotional state of a person working at a computer. At constant professional work on a PC, the impact on the human psyche of the speed of the program’s response to human actions, the speed of image changes, the appearance of “assistants”, advice, etc. is not indifferent.
Providing the workplace with the necessary equipment has an active influence on the results of production and economic activities of any enterprise. So, for example, an engineer should have a computer desk on which the computer itself, a mouse, keyboard, and a large monitor are located for convenient display of the workspace. It is quite common to use two monitors. On one there is an active project, and on the other there are open sketches, blanks, literature, another project, or consultations are underway with colleagues from other departments or companies. In addition, a black and white printer and scanner are required.
Depending on the personal responsibilities of the employee, a plotter, a graphics tablet of A5 size and larger, a drawing board, and a fax can be used. To view works on sheets of paper, it is more convenient to install a large table next to the main place, such that several A1 sheets can be freely placed on it. A photocopying table (a transparent tabletop illuminated from below) will also be useful.
Thus, a person’s performance greatly depends on the properly organized space around his workplace. With a thoughtful approach to the arrangement of the place of work, employee fatigue will decrease, their labor productivity will increase, diseases of the musculoskeletal system will not appear, vision will deteriorate, etc. Therefore, it is important for the employee to monitor the environment, creating comfortable working conditions.
Test questions and assignments
- 1. What ways can you list to protect your computer from viruses?
- 2. What types of virus attacks will not a firewall protect against?
- 3. Show practically how you can change firewall settings.
- 4. What steps should a user take to install Kaspersky anti-virus on a computer?
- 5. Check your computer for viruses with the antivirus program that is installed on your computer. Submit the report in the form of screenshots to the teacher.
- 6. Update the antivirus program installed on your computer via the Internet. Submit the report in the form of screenshots to the teacher.
- 7. Name the main elements of a computer operator’s workplace.
- 8. What are the requirements for a work desk or chair?
- 9. Conduct a comparative analysis of your computer desk and chair according to the criteria given in the workshop. Present the result in the form of a table. Draw conclusions based on the comparison results.
- 10. Name a set of preventive measures for a computer workstation.
Antivirus protection used for the prevention and diagnosis of viral infection, as well as to restore the functionality of information systems affected by viruses.
Three groups of methods are used to protect against viruses:
Methods based on file content analysis(both data files and files with command codes). This group includes scanning for virus signatures, as well as integrity checking and scanning for suspicious commands.
Methods based on tracking program behavior when executing them. These methods consist of logging all events that threaten the security of the system and occur either during the actual execution of the code under test or during its software emulation.
Methods regulation of the procedure for working with files and programs. These methods apply to administrative measures ensuring security. One of the most common methods of this group is that only those programs are executed on the system (computer or corporate network), an entry for which is in the list of programs allowed to run on this system. This list is generated by the network administrator from proven software.
A virus signature is a unique sequence of bytes that is always present in a certain type of virus and by which this type of virus can be more likely to be identified. The signature scanning system works as follows. The contents of the tested file are compared with each of the signatures specified in the database of this system. Having detected a match, the system automatically places the suspicious file on quarantine, that is, it blocks the file from possible use.
A fundamentally different approach compared to methods for scanning file contents are methods based on analysis of program behavior during their execution. This method of detecting viruses can be compared to catching a criminal by the hand.
at the crime scene. The program under test is launched for execution, instruction by instruction, but all its suspicious actions are monitored and logged by the anti-virus system. If a program tries to execute any potentially dangerous command, such as writing data to the executable file of another program, its operation is suspended, and the antivirus system asks the user what action it should take.
A firewall (firewall, firewall) is a set of software and hardware that implements information security one piece computer network from another by analyzing the traffic passing between them.
Methods for assessing the effectiveness of information networks.
tanenbaum
Components and main characteristics of a data transmission system.
Receiver - repeater - transmitter communication line
Telecommunication systems.
The word “telecommunication” in both Russian and English is not strictly defined. Initially, it was interpreted as “telecommunications” and was understood as “... all types of transmission, emission and reception of signals, handwritten texts, images, sounds of any nature via wire, electrical or other electromagnetic systems.”
With the development of network architectures, the word telecommunication began to be translated as “telecommunication” and at the same time it was given a broader meaning than it was before. In the ISO/OSI architecture, telecommunications functions are considered to span the four lower layers of the reference model, where, in addition to purely communication functions, block/frame/packet generation, error protection, connection multiplexing, and much more are performed. The term is sometimes taken even more broadly to include almost all seven layers of the OSI reference model, including application functions such as e-mail and file transfer.
We will consider the concept of telecommunications in its original interpretation, meaning the transfer of information over physical media and primary communication networks.
The main task of the telecommunications network service is to ensure availability for users of geographically distributed network resources - software, computing, control, database. At the same time, stable loading of telecommunication resources must be ensured, low level transmission errors, low delays, parallel interconnected operation of network resources.
Rental block
The process of building a corporate anti-virus protection system consists of the following stages:
– analysis of the object of protection and determination of the basic principles of ensuring anti-virus security;
– development of anti-virus security policy;
– development of an anti-virus security plan;
– implementation of the anti-virus security plan.
On first stage it is necessary to identify the specifics of the protected network, justify and select several anti-virus protection options. This stage contains the following work:
– conducting an audit of the state of the computer system and anti-virus security tools;
– examination of the information system;
– analysis of possible scenarios for the implementation of potential threats associated with the penetration of viruses.
The result of the first stage is an assessment general condition antivirus protection.
Second phase consists of the following works:
– classification of information resources (list and degree of protection of various information resources of the organization);
– creation of anti-virus security forces and division of powers (structure and responsibilities of the unit responsible for organizing anti-virus security);
– organizational and legal support for ensuring anti-virus security (list of documents defining the duties and responsibilities of various user groups for compliance with anti-virus security norms and rules);
– determination of requirements for anti-virus security tools (for anti-virus systems that will be installed in the organization);
– calculation of costs for ensuring anti-virus security.
The result of the second stage is the enterprise's anti-virus security policy.
Third stage includes the following works:
– selection of software, automated inventory and monitoring of information resources;
– development of requirements and selection of anti-virus protection tools for servers and workstations on the local network, remote servers and remote users, group applications and e-mail;
– development of a list of organizational measures to ensure anti-virus security, development (adjustment) of job and work instructions for personnel, taking into account the anti-virus security policy and the results of risk analysis, namely:
– periodic analysis and assessment of the situation to ensure anti-virus security;
– monitoring of anti-virus security tools;
– plan and procedure for updating anti-virus security tools;
– monitoring staff compliance with their duties to ensure anti-virus security;
– training plan for certain categories of users;
– procedure for action in critical situations.
The result of the third stage is a plan for ensuring anti-virus protection of the enterprise.
Fourth stage contains the following works:
– delivery;
– implementation;
- support.
During the last fourth stage, the selected and approved anti-virus security plan is implemented.
As a result of this work, it becomes possible to build an effective corporate anti-virus protection system
We have the biggest information base in RuNet, so you can always find similar queries
This topic belongs to the section:
Information Security
Information security threat. OSI network model. Methods for detecting computer viruses. Unauthorized access. Anti-virus protection of corporate network. Methods for protecting confidential information. Information processing system. IP Network Security Issues
