Modern information technologies /4. Information safety

Lysenko O.D.,  Gafiyak А.М.

Poltava National Technical University named after Yuri Kondratyuk, Ukraine

The problem of cyber protection

The aim is to study the state of information protection in Ukraine and worldwide, audit risks and the adoption of possible model solutions. The problem of information security is no less important, on the contrary, we are already talking about cyber attacks, cyber weapons, cyber protection.

Review of current publications of domestic and foreign confirms the increasing issues and problems in information security, which is an integral part of national security. Information security can be divided into groups: industrial (projects business), national (state), network (Internet), protection of personal data. Of course this will include protection for military promyshlennogo complex. For Ukraine this topic is as relevant as ever. We are faced not just with theft in the information space and cyber war. Universal mobility of the society created a lot of problems. On the one hand, network technologies – large capability with drugi side is new destructive technologies.

Studying the experience of other countries which had long before understood, and on the basis of the legislation resolved these issues,Ukrina at the state level I postvil strategic importance of this problem is the creation of a Ministry of “Information policy “. In recent years Ukraine  create a number of important laws that reglamentary relations in the information space. For example, certification and standardization of software products, testing the so-called “open” and “free” products, which are the perfect “weapons”, we should not forget about the false sites and the transit IP addresses. We're not talking just about the computer and software, and human psychology and social engineering. Because of malware such as antivirus did man, but everyone had their own human and professional values. Here is an example of cyber weapons and cyber protection. Of course to create universal protection based on all the above is not possible. But to predict the minimum risks and to design a decision-making model is realistic.

European countries, including those that are part of NATO in the solution of these problems conduct joint exercises and workshops, this issue is not one country, but only of information space. Ukraine is also actively involved in this issue, representative NATO on information security works in Kiev.

Of course, does not stop the attack on the financial and banking systems of countries such as “banking Trojans”, fake websites of banks, not to mention not quite justified a full binding to the mobile phone that make good use of the criminals, because now the money will be transferred and take off anywhere in the world.

Social engineering is very convenient hackers and here to first the level of knowledge of human psychology, it is often the user himself provides the information.

Therefore, the training of it professionals requires new training programs as tasks that they need to solve much more complicated. Analysis of publications on this subject shows that practically the problem the same in all countries.It is therefore reasonable to solve and prevent anyone from being together. But then the question arises, what about public safety. For example, – the attempt to disrupt the airport “Borispol”, or wiretapping of top officials, the demand by Americans for open source free software, not to mention the software “bookmarks” in the banking programs. We should not forget that the main problem in the protection and evaluation of “weak’ spots in operating systems is access control, which is implemented at the user level. The access control lists is one of the possible methods of protection of information resources in the operating system. Since the number of users of different Autonomous systems increases constantly, so there is the question of the delimitation of their powers in the information system. Hackers are not “sleep”- appear promising, shpionskie development, the analysis of the buyout is a separate issue.

Here again there is a new question. Can answer policy – there is an international Directive on joint cyber protection and the national cyber protection. On segodnishny day promising can be considered proactive protection technologies, full sewn of course impossible, as the complete destruction of viral infection, but this technology makes it possible to analyze the state of information systems, points which are possible to attack, use heuristic analysis to have a base signature, practice shows that often the hackers used a combination of old virus code(polymorphism technique plus the technique of “stealth” (hide) as an example of last year's attack on the banking system of Japan. The situation in Ukraine shows modern cyber war. Modern weapon is fully computerized machinery.

The theme of information security is very broad and includes different aspects of our lives, we can say it applies to everyone. So in conclusion, i will present a plan for security policy.

·        mandatory  control source code

·        development of technologies for the operation of the system in terms of software without credibility. The access control lists is one of the possible methods of protection of information resources .

Literature:

Ivanova N., Korobulina O. Methods of analysis for the information security audit / New Trends in Information Technologies. ITHEA, Sofia, 2010, pp. 152–161.