Modern information technologies / 4. Information security
A. S. Begalin, Master of Science, senior teacher,
Kostanay State University named after A. Baytursynov
ONCE AGAIN ON INFORMATION SECURITY
Introduction.
Computer Security
Information security is a large and serious subject on which many books have
been written, including by Kazakhstani authors. The problem of information
security also arises at our university. Here we mainly talk about attacks
from the outside, although we should not forget about internal security:
internal vulnerabilities of computer systems may also affect the external
security of resources.
Two-faced security
We suggest distinguishing two tasks in ensuring information security,
because to some extent they can be pursued independently of each other. Or
not pursued at all.
The challenge facing all agencies and organizations that have access to
the global network is ensuring protection against external attacks. Global
access to information has a negative flip side: a communication channel to the
worldwide population of network intruders. Their attacks are not perfect, but
we can see to it that all of their attacks fail.
The challenge facing most sufficiently large (or sufficiently serious)
institutions and organizations is ensuring internal security. It is relevant
when some employees, in certain situations and with respect to certain
resources, are regarded as outsiders. In other words, when not everything in
your network is permitted to everyone. In fact, this is always relevant, but
small companies often neglect such strictness. In many cases this is relatively
painless, but we must always think about the likelihood and extent of potential
damage [1].
What you need for external protection
There are two possibilities. The first, and the most common, applies when the
corporate network has no public servers (accessible from the Internet) and
local machines do not have global IP addresses, as in setups that use
NAT (Network Address Translation). In this case a direct connection to the
machines of your LAN from the outside world is not possible, and they are out
of reach for outsiders. But there is always at least one computer that connects
the whole network to the outside world (the gateway), which must have an
external address and is potentially vulnerable. If it is "broken into", it
cannot be ruled out that the intruder will then be able to get access to the
computers of the internal network as well. In this case all attention should be
focused on protecting the external perimeter of the network, which in the
simplest case is represented by a single server.
The simplest solution consists of two steps: 1) install and properly configure
a firewall on the server and 2) constantly watch for vulnerabilities on this
computer. If this is done carefully, you can feel safe. Pay attention to step
2: it is second only in order, not in importance (last but not least, as the
English say). Without it, all the work under step 1 may be useless. To keep
that from happening, it is worth using a security scanner (more about it a bit
later) [2].
If your network has computers with global IP addresses, security becomes more
difficult: every such host requires attention.
What you need for self-protection
If internal security has to be ensured, the situation becomes even more
complicated. In the limiting case all internal computers have to be considered
potentially vulnerable, with all that this implies: tracking their
configuration and continuously monitoring them for vulnerabilities.
Fortunately, a good security scanner makes it possible to simplify this task
greatly and to automate it substantially.
In addition, at least two more tasks immediately arise: 1) the creation of a
competent internal network architecture (besides a one-time increase in
security, it also minimizes the effort needed to maintain security later) and
2) the development and observance of a so-called security policy (or several
policies), that is, a set of rules concerning various aspects of network
operation (creation and modification of passwords, rules of access to
particular resources). The first task can be done, as they say, "once", whereas
the second has to be attended to constantly, and it usually turns out to be the
hardest, mainly in organizational terms. The most unpleasant thing is that its
implementation cannot be substantially automated.
Although an ideally working architecture and security policy are rather
difficult to achieve, it is possible to build a network with a very high degree
of security. In these circumstances the key, again, is continuous monitoring of
the vulnerabilities of individual computers. In principle, even a network that
is far from ideal, but in which each individual computer is impregnable, can be
considered well protected. In other words, a competent solution to the problem
of network security auditing (which lends itself well to automation) makes it
possible to compensate substantially for shortcomings in those areas where
solving the problems is more labor-intensive or complicated for one reason or
another [2].
Vulnerabilities
We use the term "vulnerabilities" in a broad sense, including both
vulnerabilities proper (vulnerabilities) and defects (exposures), since both
are found, as a rule, by means of security scanners.
"Classical" vulnerabilities are errors in software (for example, a buffer
overflow not caught by the developers) that intruders can use to gain
unauthorized access and to achieve other purposes that are bad for you and
desirable for them. A "defect" (more precisely, but at greater length,
"susceptibility to outside influence") is a security violation caused by
incorrect administration or configuration of a program, that is, the fault lies
not with the developers but with the administrators. A typical obvious defect
is an empty or easily guessed access password.
So, we will consider vulnerabilities (in computer slang, "holes") to be
dangerous errors either in a program or in its configuration. They have the
unpleasant property that, in the absence of continuous control, their number
tends to grow and in all cases without exception sooner or later reaches an
absolutely unacceptable level. The process is, in general, quite clear: if you
do not regularly tidy your desk, then sooner or later a mess builds up there,
which people tactfully try to call "working disorder". Such a "mess" in a
computer network is much more dangerous because, first, it is not visible to
the naked eye and, second, its consequences promise big trouble [3].
The "fertility" of vulnerabilities, of course, has quite specific and
understandable causes. The first is the appearance in the network of new
software with its own "cockroaches", together with sporadic changes of settings
that are not always carried out carefully enough. The second, more fundamental
one, which cannot be fought by organizational means, is the discovery of new
"holes" in existing software. There is a whole information industry engaged in
collecting, publishing and analyzing discovered vulnerabilities. Regular
bulletins (bugtraqs) about new vulnerabilities receive information from
software developers, from independent experts and professionals, and even from
hackers who seek fame. Unfortunately, many serious hackers tend not to
advertise the vulnerabilities they find, wanting to use them quietly for their
own purposes for as long as possible. In this context it can be said that any
vulnerability database is by definition incomplete. This is bad, but it can be
partly countered.
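
The two causes of growth named above (new software or changed settings on a host, and new holes published for software that was already installed) can be checked mechanically against a recorded baseline. The following is an added example, not part of the original article; the inventory format, host names, package names, versions and bulletin entries are all constructed for illustration.

```python
"""Audit pass: configuration drift plus new bulletins (all data constructed)."""

# Baseline recorded when the network was last reviewed (constructed).
BASELINE = {
    "gateway": {"software": {"fwd": "2.1", "sshd": "8.0"}, "ports": {22}, "empty_pw": []},
    "files01": {"software": {"smbd": "4.2"}, "ports": {445}, "empty_pw": []},
}

# Current snapshot, e.g. produced by a scanner run (constructed).
CURRENT = {
    "gateway": {"software": {"fwd": "2.1", "sshd": "8.0", "httpd": "1.3"},
                "ports": {22, 80}, "empty_pw": []},
    "files01": {"software": {"smbd": "4.2"}, "ports": {445}, "empty_pw": ["guest"]},
}

# Bulletin entries published since the baseline: (package, first fixed version).
BULLETINS = [("smbd", "4.3"), ("sshd", "7.9")]


def version_tuple(v):
    """Turn '4.10' into (4, 10) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def audit(baseline, current, bulletins):
    """Return sorted (host, kind, detail) findings."""
    findings = []
    for host, now in current.items():
        old = baseline.get(host, {"software": {}, "ports": set(), "empty_pw": []})
        # Cause 1: new software and setting changes since the baseline.
        for pkg in sorted(set(now["software"]) - set(old["software"])):
            findings.append((host, "new-software", pkg))
        for port in sorted(now["ports"] - old["ports"]):
            findings.append((host, "new-open-port", str(port)))
        # Exposure in the article's sense: a configuration fault.
        for account in now["empty_pw"]:
            findings.append((host, "empty-password", account))
        # Cause 2: a new hole found in software that did not change.
        for pkg, fixed in bulletins:
            installed = now["software"].get(pkg)
            if installed and version_tuple(installed) < version_tuple(fixed):
                findings.append((host, "known-vulnerable", f"{pkg} {installed} < {fixed}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT, BULLETINS):
        print(*finding, sep="\t")
```

An empty result only means that nothing drifted and no known bulletin matched; it says nothing about holes that have not been published.
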
References
1. Site http://www.atelierweb.com/awft/.
2. Site http://www.firewallleaktester.com/.
3. Computer Press Magazine, № 10, 2006.