Cybersecurity: means of protecting
Developing and improving means of protection is a main objective of the field of cybersecurity. The focus is not so much on fighting the results of harmful influence as, first of all, on prevention. As business grows more dependent on IT, the intensity of attackers' activity keeps growing and the methods they use to attack corporate information systems and networks keep improving. At the same time, despite the variety of technologies and solutions used for protection against attackers, the information security market can be conditionally divided into several parts: firewalls, antiviruses, cryptographic tools and AAA (means of authentication, authorization and administration).
Firewalls
The corporate firewall is an integral element in protecting a large organization's network against intrusion. Dozens of companies serve this market, ready to provide solutions for any environment: desktop systems, small and home offices (SOHO), small and medium businesses, telecommunication companies, etc.
Choosing the right firewall therefore requires understanding the business's network security needs and the operating principles of these products.
A firewall is a set of hardware and/or software tools designed to control and filter the network traffic passing through it according to defined rules. The main purpose of this class of products is to protect computer networks (or their individual nodes) from unauthorized access.
Generally, a firewall uses one or several rule sets to check the network packets of incoming and/or outgoing traffic. Firewall rules can check one or more characteristics of packets, including protocol type, host address, source, port, etc. There are two main methods of creating rule sets: "including" and "excluding". Rules created by the first method pass only the traffic that matches the rules and block all the rest. Rules based on the excluding method, on the contrary, pass all traffic except what is prohibited. Including firewalls are usually safer than excluding ones because they significantly reduce the risk of the firewall admitting undesirable traffic.
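The difference between the two rule-set methods described above, as an added example that is not part of the original article: a first-match rule evaluator run over constructed packets. The rule fields, addresses and port choices are illustrative assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port, None = any port

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and self.dport in (None, pkt["dport"]))

def decide(rules, default, pkt):
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# "Including" rule set: list what is permitted, block all the rest.
INCLUDING = ([Rule("allow", "tcp", "0.0.0.0/0", 443),
              Rule("allow", "tcp", "10.0.0.0/8", 22)], "deny")

# "Excluding" rule set: list what is prohibited, pass all the rest.
EXCLUDING = ([Rule("deny", "tcp", "0.0.0.0/0", 23),
              Rule("deny", "tcp", "0.0.0.0/0", 445)], "allow")

# Constructed sample packets (documentation and private address ranges).
PACKETS = [
    {"proto": "tcp", "src": "203.0.113.7", "dport": 443},   # public HTTPS
    {"proto": "tcp", "src": "203.0.113.7", "dport": 22},    # SSH from outside
    {"proto": "tcp", "src": "10.1.2.3", "dport": 22},       # SSH from inside
    {"proto": "tcp", "src": "203.0.113.7", "dport": 445},   # explicitly prohibited
    {"proto": "tcp", "src": "203.0.113.7", "dport": 3389},  # service nobody listed
]

def compare():
    """Return (packet, including verdict, excluding verdict) for each packet."""
    return [(p, decide(*INCLUDING, p), decide(*EXCLUDING, p)) for p in PACKETS]

if __name__ == "__main__":
    for pkt, inc, exc in compare():
        print(f'{pkt["src"]:>12} -> :{pkt["dport"]:<5} including={inc:<5} excluding={exc}')
```

The last packet shows the risk the paragraph refers to: a service the administrator never thought to list is blocked by the including set but passes the excluding set.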
Firewalls can be effective for the following tasks:
- Protecting and isolating applications, services and devices in the internal network from undesirable traffic coming from the Internet (network separation);
- Restricting or prohibiting access to network services for certain devices or users;
- Supporting network address translation, which allows the internal network to use private IP addresses or automatically assigned public addresses.
One of the main trends in the firewall market is growing functionality and a drive toward universality. Beyond direct traffic control and network separation, the functionality of modern solutions includes:
- Deep analysis of passing traffic (deep packet inspection);
- Traffic encryption;
- Remote user access to local network resources (VPN);
- User authentication.
Modern firewalls make it possible to create virtual private networks, which let companies build secure data links over public networks, thereby preventing interception and distortion of the transmitted data and also providing integrity control of the transmitted data. Various authentication methods can be used when setting up VPNs, including PKI X.509 certificates, one-time passwords, and the RADIUS and TACACS+ protocols.
Firewalls are now increasingly offered not as standalone solutions but as components of more complex protection systems. Market demand for products for small and medium enterprises and remote offices spurred the creation of specialized hardware devices with firewall functions. Such devices are, as a rule, dedicated servers with firewall software, a virtual private network and the operating system preinstalled and preconfigured on them.
With the advent of wireless LAN technologies, the concept of the "protected perimeter" is losing its meaning. As a result, mobile workstations become the weakest point of the corporate network. To protect against threats of this kind, vendors are developing technologies such as Network Access Protection (Microsoft), Network Admission Control (Cisco) and Total Access Protection (Check Point).
A significant number of firewalls with differing functionality are on the market today. When choosing a solution, however, attention should be paid first of all to how such a system is managed. In any case, the quality of a firewall's operation depends directly on the quality of the rule set defined by the system administrator. It is also necessary to understand that a firewall is not a panacea for all threats and is effective only together with other products, among which antiviruses hold the most prominent place.
Antiviruses
Computer viruses remain the most pressing information security problem for corporate systems.
Because the vast majority of malware spreads by e-mail, firewalls are ineffective against it: solutions of this type have no means of analyzing received e-mail messages.
One of the methods system administrators apply alongside antivirus software is filtering messages that contain attachments of certain formats (most often executable applications).
Modern antivirus software, for all its variety, uses only two fundamentally different methods of detecting malware:
- Signature search;
- Heuristic analysis.
Cryptographic protection
Cryptographic information protection tools have long been widely used as part of popular network technologies such as virtual private networks (VPN) or Secure Shell (SSH). However, for the direct protection of personal or corporate information, such solutions are still applied very little. Private and business correspondence is in most cases conducted in the clear, and encryption of files and disks is not widespread either. At the same time, data encryption is one of the main and most reliable methods of preventing unauthorized access to information. The main areas of application of cryptographic information security tools are given below, and their different types are considered.
Perhaps the widest area of potential application for cryptographic tools is restricting access to confidential information and/or concealing the existence of such information from illegitimate users. At the scale of a corporate network this problem is solved fairly successfully by means of AAA (authentication, authorization and administration). For protecting local devices, however, these are most often ineffective. The problem becomes especially acute as the number of mobile users grows.
Unfortunately, mobility, whose advantages for modern business are hard to overestimate, also turns out in practice to be a shortcoming. Unlike a desktop computer, a notebook is easy to lose; it can be stolen or put out of action. According to Cnews, not less than 40% of cases of notebook loss are due to theft. Up to 93% of all stolen notebooks are never returned to the owner.
Clearly, all information stored on a notebook resides on its hard drive. Removing the drive from the notebook in a quiet setting is a matter of five minutes. For this reason, the following means of protection against unauthorized access will be useless:
- BIOS password protection;
- Operating system password protection;
- Authentication mechanisms working at the application level.
At the same time, the use of strong cryptographic algorithms such as DES, AES, GOST 28147-89, RC4 (with a key length of not less than 128 bits) and RSA is a reliable method of making information useless to an attacker for many years. Today there are many companies on the market implementing these algorithms both in software products and in the form of separate devices.
Means of protection against unauthorized access
Main article: Information security tools for protection against unauthorized access (NSD)