Judging by the growing number of publications and companies professionally engaged in protecting information in computer systems, great importance is attached to this problem. One of the most obvious causes of a breach of a protection system is intentional unauthorized access (NSD) to confidential information by illegitimate users, followed by undesirable manipulation of that information.
Information protection is an activity aimed at preventing leakage, theft, loss, modification (forgery), and unauthorized or unintentional impacts on protected information. For purely technical and unintentional causes, this definition also covers activities that increase the reliability of the server against failures or malfunctions of hard drives, shortcomings in the software used, and so on.
Unauthorized Access Paths
Unauthorized access to information located in local networks can be:
- indirect: without physical access to the elements of the local network;
- direct: with physical access to the elements of the local network.
Currently, the following ways of obtaining information without authorization (information leakage channels) are known:
- the use of listening devices;
- remote photography;
- interception of electromagnetic radiation;
- theft of storage media and industrial waste;
- reading data in other users' data arrays;
- copying storage media;
- unauthorized use of terminals;
- masquerading as a registered user by stealing passwords and other access-control credentials;
- the use of software traps;
- obtaining protected data through a series of individually permitted queries;
- the use of shortcomings in programming languages and operating systems;
- deliberate insertion into program libraries of special blocks such as “Trojan horses”;
- illegal connection to the equipment or communication lines of a computer system;
- malicious disabling of protection mechanisms.
Information security tools
To solve the problem of information security, the following main means are used to build protection mechanisms:
Hardware
Technical means are electrical, electromechanical, electronic, and other types of devices. Their advantages are reliability, independence from subjective factors, and high resistance to modification. Their weaknesses are lack of flexibility, relatively large volume and mass, and high cost. Technical means are divided into:
- hardware: devices built directly into the equipment, or devices that interface with local area network equipment via a standard interface (parity-check circuits, key memory-field protection circuits, special registers);
- physical: implemented as autonomous devices and systems (electromechanical equipment for security alarms and surveillance, locks on doors, bars on windows).
Software Tools
Software tools are programs specifically designed to perform functions related to the protection of information: programs for user identification, access control, information encryption, removal of residual (working) information such as temporary files, test control of the security system, and so on. The advantages of software are versatility, flexibility, reliability, ease of installation, and the ability to modify and develop it.
Its disadvantages are limited network functionality, consumption of part of the resources of the file server and workstations, high sensitivity to accidental or deliberate changes, and possible dependence on the type of computer (its hardware).
Mixed hardware and software
Mixed hardware and software implement the same functions as hardware and software separately, and have intermediate properties.
Organizational Tools
Organizational tools consist of organizational-technical measures (preparation of premises with computers and cabling, taking into account the requirements for restricting access to them, etc.) and organizational-legal measures (national laws and regulations established by the management of a particular enterprise). The advantages of organizational tools are that they allow solving many diverse problems, are easy to implement, respond quickly to unwanted actions on the network, and have unlimited possibilities for modification and development. Their disadvantage is a high dependence on subjective factors, including the general organization of work in a particular unit.
During the development of the concept of information security, experts came to the conclusion that the use of any one of the above methods of protection does not provide reliable information storage. An integrated approach to the use and development of all means and methods of information protection is needed.
Information Security Software
In terms of prevalence and accessibility, software tools come first; therefore they are considered in more detail below. Other means are applied when an additional level of information security is required.
Among the software for protecting information in local networks, one can single out and consider in more detail the following:
- data archiving tools: tools that merge several files and even directories into a single file, an archive, reducing the total volume of the source files by eliminating redundancy but without loss of information, that is, with the ability to restore the source files exactly;
- antivirus programs: programs designed to protect information from viruses;
- cryptographic tools: methods for ensuring the confidentiality of information, including through encryption and authentication;
- means of identification and authentication of users: authentication (establishing authenticity) is the verification of the identifier presented by the access subject and confirmation of its genuineness. In other words, authentication consists of checking whether the connecting subject is who it claims to be. Identification provides the functions of establishing authenticity and determining the authority of the subject when it is admitted to the system, monitoring that authority during a work session, recording its actions, etc.;
- access control means: means aimed at limiting and registering the entry and exit of objects in a given territory through “access points”;
- logging and audit: logging provides the collection and accumulation of information about events occurring in the information system. Audit is the process of analyzing the accumulated information. The purpose of computer auditing is to monitor the compliance of a system or network with the required security rules, principles, or industry standards. An audit analyzes everything that might be related to security issues, or anything that might lead to them.
Embedded
Built-in information protection tools are available in network operating systems, but, as already noted, they cannot always completely solve the problems that arise in practice. For example, the network operating systems NetWare 3.x and 4.x provide reliable “layered” protection of data against hardware failures and damage. Novell's SFT (System Fault Tolerance) system has three main levels:
- SFT Level I provides, in particular, the creation of additional copies of the FAT and Directory Entry Tables, immediate verification of each newly written data block on the file server, and the reservation of about 2% of each hard disk's volume as a backup area. If a failure is detected, the data is redirected to the reserved area of the disk, and the failed block is marked as “bad” and is not used in the future.
- SFT Level II adds the creation of “mirrored” drives, as well as duplication of disk controllers, power supplies and interface cables.
- SFT Level III allows the use of duplicated servers in the local network, one of which is the “main” one, while the second, holding a copy of all the information, comes into operation if the “main” server fails.
The system for monitoring and restricting access rights in NetWare networks (protection against unauthorized access) also has several levels:
- the initial access level (user name and password, plus a system of accounting restrictions such as explicit permission or prohibition of work, allowed time on the network, hard disk space that the user's personal files may occupy, etc.);
- the user rights level (restrictions on performing certain operations and/or on the work of a given user as a member of a group in certain parts of the network file system);
- the directory and file attribute level (restrictions on performing certain operations, including deletion, editing or creation, imposed by the file system and applying to all users trying to work with those directories or files);
- the file server console level (locking the file server keyboard while the network administrator is absent, until a special password is entered).
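The layered model above (account restrictions, then user rights, then file attributes) can be expressed as a chain of independent checks, each able to refuse the request. The following is an added example, not NetWare's own code; the account, rights table and attribute table are constructed and the path and operation names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Dict, Optional, Set, Tuple

# Hypothetical model of NetWare-style layered access control (constructed data).
@dataclass
class Account:
    name: str
    enabled: bool
    login_from: time          # allowed working hours, inclusive start
    login_until: time         # exclusive end
    disk_quota_kb: int
    disk_used_kb: int
    rights: Dict[str, Set[str]] = field(default_factory=dict)  # path prefix -> ops

# Directory/file attributes apply to everyone, regardless of user rights.
ATTRIBUTES: Dict[str, Set[str]] = {
    "SYS:PUBLIC/LOGIN.EXE": {"read_only"},
    "SYS:SYSTEM/": {"read_only", "hidden"},
}
MODIFYING_OPS = {"write", "delete", "create"}

def check_account(acc: Account, now: time) -> Optional[str]:
    """Level 1: accounting restrictions (enabled, hours, disk quota)."""
    if not acc.enabled:
        return "account disabled"
    if not (acc.login_from <= now < acc.login_until):
        return "outside allowed login hours"
    if acc.disk_used_kb >= acc.disk_quota_kb:
        return "disk quota exhausted"
    return None

def check_rights(acc: Account, path: str, op: str) -> Optional[str]:
    """Level 2: user rights, taken from the longest matching path prefix."""
    matches = [p for p in acc.rights if path.startswith(p)]
    if not matches:
        return "no rights on " + path
    if op not in acc.rights[max(matches, key=len)]:
        return "operation " + op + " not granted"
    return None

def check_attributes(path: str, op: str) -> Optional[str]:
    """Level 3: file/directory attributes override user rights for everyone."""
    for prefix, attrs in ATTRIBUTES.items():
        if path.startswith(prefix) and "read_only" in attrs and op in MODIFYING_OPS:
            return "target is read-only"
    return None

def authorize(acc: Account, now: time, path: str, op: str) -> Tuple[bool, str]:
    """Run the levels in order; the first level that objects wins."""
    for reason in (check_account(acc, now), check_rights(acc, path, op),
                   check_attributes(path, op)):
        if reason:
            return False, reason
    return True, "allowed"

# Constructed sample account used by the checks below.
ALICE = Account("alice", True, time(8), time(18), 1000, 200, {
    "SYS:": {"read"},
    "SYS:PUBLIC/": {"read", "write"},
    "SYS:HOME/ALICE/": {"read", "write", "delete", "create"},
})
def at(hour: int) -> time:
    return time(hour)
```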
Specialized
Specialized software tools for protecting information from unauthorized access generally have better capabilities and characteristics than the built-in tools of network operating systems. In addition to encryption programs and cryptographic systems, many other external means of information protection are available. Among the most frequently mentioned solutions, the following two systems, which allow limiting and controlling information flows, should be noted.
- Firewalls (also called firewalls, literally “fire wall”). Special intermediate servers are placed between the local and global networks; they inspect and filter all network-/transport-layer traffic passing through them. This dramatically reduces the threat of unauthorized access to corporate networks from outside, but does not eliminate it completely. A more secure variant of the method is masquerading, in which all traffic leaving the local network is sent on behalf of the firewall server, making the local network almost invisible.
- Proxy servers (proxy: authorization, agent). All network-/transport-layer traffic between the local and global networks is completely prohibited; there is no routing as such, and calls from the local network to the global network go through special intermediary servers. Obviously, in this case calls from the global network into the local network become impossible in principle. This method does not provide sufficient protection against attacks at higher levels, for example the application level (viruses, Java code and JavaScript).
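The masquerading behaviour described for firewalls above (outbound traffic leaves on behalf of the firewall's address; inbound packets reach a local host only if they answer a flow that host opened) can be modelled with a small translation table. This is an added illustration, not any real firewall's implementation; the prefixes, ports and addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LAN_PREFIX = "10.0.0."        # constructed local-network range
FIREWALL_IP = "203.0.113.1"   # constructed public address of the firewall

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

class MasqueradingFirewall:
    """Hypothetical filter-and-masquerade model (not a real product)."""
    def __init__(self, allowed_outbound_ports=(80, 443)):
        self.allowed = set(allowed_outbound_ports)     # transport-layer filter
        self.next_port = 50000                         # next masquerade port
        # (proto, remote_ip, remote_port, masq_port) -> (lan_ip, lan_port)
        self.table: Dict[Tuple[str, str, int, int], Tuple[str, int]] = {}
        self.dropped: List[Packet] = []

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """LAN -> WAN: filter by destination port, then rewrite the source."""
        if not pkt.src_ip.startswith(LAN_PREFIX) or pkt.dst_port not in self.allowed:
            self.dropped.append(pkt)
            return None
        masq_port = self.next_port
        self.next_port += 1
        self.table[(pkt.proto, pkt.dst_ip, pkt.dst_port, masq_port)] = (pkt.src_ip, pkt.src_port)
        # The packet now appears to originate from the firewall itself.
        return Packet(FIREWALL_IP, masq_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: only replies to a known outbound flow are translated."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port)
        if pkt.dst_ip != FIREWALL_IP or key not in self.table:
            self.dropped.append(pkt)   # unsolicited: the LAN host stays invisible
            return None
        lan_ip, lan_port = self.table[key]
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.proto)
```

Note that the model inspects only addresses and ports, which is exactly why the page warns that application-level content (viruses, scripts) passes through unexamined.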
See also
- Intranet
- Local computing network
- Information leakage channels
- Unauthorized access
- Information Leakage Prevention