RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2010/05/22 23:49:00

Cybersecurity: means of protecting

Means of protecting  — development of such means and their improvement are a main objective of the sphere of cybersecurity. In some way rche goes not about fight against result of harmful influence, and first of all about prevention. Against the background of the increasing dependence of business on IT growth of intensity of actions of malefactors and continuous improvement of the methods of the attacks on corporate information systems and networks used by them continues. At the same time, despite a variety of technologies and the solutions used for protection against actions of malefactors, information security market it is possible to separate into several parts conditionally: firewalls, antiviruses, means of cryptography and AAA (means of authentication, authorization and administration).

Directory of solutions and cybersecurity projects - Antiviruses are available on TAdviser

Content

Firewalls

Indivisible element of protection of network of the large organization against invasion of malefactors is the corporate firewall (F). The offer is presented at this market by tens of the companies ready to provide solutions for any environments: desktop systems, small and home office (SOHO), medium and small business, telecommunication companies  , etc.

Therefore adoption of the correct decision on the choice of the firewall requires understanding of business needs for ensuring network security and operation principles of these products.

The firewall (firewall, the firewall)  is a complex of equipment rooms and/or software tools intended for control and filtering of the network traffic passing through it according to the set rules. The main objective of this class of products is protection of computer networks (or their separate nodes) from unauthorized access.

Generally, the firewall uses one or several rule sets for check of network packets of the entering and/or outbound traffic. Rules of the firewall can check one or more characteristics of packets, including protocol type, the host address, a source, port  , etc. There are two main methods of creation of rule sets: "including" and "excluding". The rules created by the first method allow to pass only to the traffic corresponding to rules and block all the rest. Rules on the basis of the excluding method, on the contrary, pass all traffic, except prohibited. The including firewalls are usually safer, than excluding as they significantly reduce risk of the admission the firewall of undesirable traffic.

Use of firewalls can be effective at the solution of the following tasks:

  • Protection and isolation of applications, services and devices in internal network from the undesirable traffic coming from the Internet (separation of networks);
  • Restriction or prohibition of access to services of network for certain devices or users;
  • Support of network address translation that allows to use the private IP addresses or automatically appropriated public addresses in internal network.

One of the main trends in the market of firewalls  — increase in functionality and aspiration to universality. Except direct supervision of traffic and separation of networks the functionality of modern solutions includes:

  • The deep analysis of the passed traffic (deep packet inspection);
  • Enciphering of traffic;
  • Organization of remote access of users to resources of a local network (VPN);
  • Authentication of users.

Modern ME give an opportunity of creation of virtual private networks which allow the companies to create secure data links through public networks, preventing thereby interception and distortion of the transmitted data and also providing control of integrity of transmitted data. At the organization of VPN networks different methods of authentication, including certificates of PKI X.509, one-time passwords, the RADIUS, TACACS+ protocols can be applied.

Now firewalls are even more often offered not in the form of separate solutions and as components of more complex systems of protection. Requirements of the market of products for the small and medium enterprises and remote offices served as an incentive to creation of specialized hardware devices with functions of firewalls. Such devices, as a rule, are dedicated servers with the software of the firewall, a virtual private network and the operating system which is previously set and configured on them.

With the advent of technologies of a wireless LAN the concept of "the protected perimeter" loses the value. In this regard mobile workstations become the most weak spot of corporate network. Producers develop for protection against threats of this sort Network Access Protection (Microsoft) technologies, Network Admission Control (Cisco), Total Access Protection (Check Point).

Today a significant amount of firewalls of different functionality is presented at the market. However when choosing this or that solution first of all it is worth paying attention to management of a similar system. Anyway, the quality of operation of the firewall directly depends on quality of the rule set set by the system administrator. Besides, it is necessary to understand that the firewall  — not a panacea from all threats and its use is effective only together with other products among which the most noticeable place is taken by antiviruses.

Antiviruses

Computer viruses remain the most current problem of information security of corporate systems now.

Because the vast majority of malware extends by e-mail, firewalls are inefficient. In an arsenal decisions of this type there are no means of the analysis of the made e-mails.

One of the methods applied by system administrators along with use of the antivirus software is filtering of the messages containing investments of certain formats (most often, the performed applications).

Modern anti-virus software, at all their variety, uses only two essentially different methods of detection of malware:

  • Search in signatures;
  • Heuristic analysis.

Read article "to software for data protection"

Cryptographic protection

Means of cryptographic information protection are for a long time and widely used as a part of popular network technologies, such as virtual private networks (VPN) or Secure Shell (SSH). However for the purpose of direct protection of personal or corporate information application of such solutions is still very limited. So, private and business correspondence is in most cases conducted openly, enciphering of files and disks is a little widespread too. At the same time data encryption is one of the main and most reliable methods of prevention of unauthorized access to information. Further the main scopes of cryptographic information security tools will be given and also their different types are considered.

Perhaps, the widest sphere of potential application of cryptographic means — access isolation to confidential information and/or concealment of existence of such information from illegitimate users. On the scale of corporate network this problem is rather successfully solved by means of AAA (authentication, authorization and administration). However at protection of local devices they are most often inefficient. Especially sharp this problem becomes in connection with increase in number of mobile users.

Unfortunately, such quality as mobility which advantages to modern business it is difficult to revaluate in practice appears also a shortcoming. Unlike the desktop computer, it is easy to lose the notebook, it can be stolen or put out of action. According to Cnews, not less than 40% of cases of loss of notebooks occur owing to their theft. Up to 93% of all stolen notebooks any more never return to the owner.

It is clear, that all information which is stored on the notebook, is concluded in the hard drive. Take it from the notebook in a quiet situation — case of five minutes. For this reason the following means of protecting from unauthorized access will be useless:

  • Password protection of BIOS;
  • Password protection of the operating system;
  • The means of authentication working at the level of applications.

At the same time application of resistant cryptographic algorithms, such as DES, AES, GOST 28147-89, RC4 (with key length not less than 128 bits), RSA — a reliable method to make information useless for the malefactor for many years. Today in the market there is a set of the companies implementing these algorithms both in software products and in the form of separate devices.

Means of protecting from unauthorized access

Main article: Information security tools from unauthorized access (the information security facility from NSD)

See Also