Data protection
INFORMATION PROTECTION
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_1.jpg)
Data protection is a set of measures aimed at ensuring information security.
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_2.jpg)
Why is there a need to protect information
The problem of protecting information from unauthorized access has become particularly acute with the widespread use of local and, especially, global computer networks.
Often the damage is caused due to elementary user errors that accidentally corrupt or delete vital data.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_3.jpg)
Why protect information?
Information circulating in control and communication systems can cause large-scale accidents, military conflicts, disruption of the activities of scientific centers and laboratories, and bankruptcies of commercial organizations. Therefore, one must be able to protect information from distortion, loss, leakage and illegal use.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_4.jpg)
| Type of protection | Protection methods |
| --- | --- |
| From hardware failures | Archiving and backing up files |
| From accidental loss or distortion of information stored in the computer | A request to confirm the execution of commands that modify files (for example, when replacing a file); setting special attributes of documents and programs (read-only, hidden); ability to undo an incorrect action or restore an erroneously deleted file; differentiation of user access to PC resources |
| From computer viruses | Preventive measures to reduce the likelihood of infection; use of antivirus programs |
| From unauthorized access to information (its use, modification, distribution) | Encryption; password protection; "electronic locks"; administrative and law enforcement measures |
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_5.jpg)
Automatic file backup
When using automatic backup programs, the command to save the file is automatically duplicated and the file is saved on two independent media, for example, on two hard drives. Failure of one of them does not lead to loss of information.
File backup is widely used, in particular in banking.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_6.jpg)
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_7.jpg)
Types of computer crimes
- Unauthorized access to information,
- Entering logic bombs,
- Development and distribution of viruses,
- Criminal negligence in development,
- Forgery of computer information,
- Theft of computer information.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_8.jpg)
Measures preventing computer crimes
- Technical
- Organizational
- Legal
The protection of information in computers should be considered as a set of measures, including organizational, technical, legal, software, operational, insurance, and even moral and ethical measures.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_9.jpg)
Technical measures
Protection against unauthorized access to the system
Redundancy of Critical Computer Subsystems
Organization of computer networks
Installation of fire fighting equipment
Equipping premises with locks and alarms.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_10.jpg)
Organizational arrangements
- computer center security
- careful selection of staff
- availability of a recovery plan (after a failure),
- universality of means of protection from all users.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_11.jpg)
Legal measures
- Development of norms establishing responsibility for computer crimes;
- Copyright protection of programmers;
- Improvement of criminal and civil legislation.
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_12.jpg)
"Legislation in the field of information"
10 basic laws, in which:
- the basic terms and concepts are defined,
- the dissemination of information is regulated,
- copyright protection,
- property and non-property relations.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_13.jpg)
Article 273 of the Criminal Code of the Russian Federation
- Provides for criminal liability for the creation of computer programs or their modification, leading to unauthorized destruction.
- Protects the rights of the owner.
- Criminal liability resulting from the creation of the program.
- To bring charges, the mere fact of creating such programs is sufficient.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_14.jpg)
Legal protection of information is regulated by the laws of the Russian Federation
The legal protection provided by this law extends to all types of computer programs that can be expressed in any language and in any form, including source text in a programming language and machine code. But legal protection does not extend to the ideas and principles underlying the computer program, including the ideas and principles of interface and algorithm organization.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_15.jpg)
To give notice of their rights, the developer of a program may, starting from the first release of the program, use a copyright sign consisting of 3 elements:
- the letter C in a circle or parentheses ©;
- the title (name) of the right holder;
- the year of the program's first release.
© 1993-1997 Microsoft Corporation.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_16.jpg)
An organization or a user who legally owns a copy of the program (who has purchased a license to use it) has the right, without obtaining additional permission from the developer, to carry out any actions related to the operation of the program, including its recording and storage in the computer memory. Recording and storage in the computer memory is allowed in relation to one computer or one user in the network, unless otherwise provided by the contract with the developer.
It is necessary to know and comply with existing laws that prohibit illegal copying and use of licensed software. In relation to organizations or users that infringe copyright, the developer may seek damages and compensation from the infringer in an amount determined at the discretion of the court from 5,000 times to 50,000 times the minimum monthly wage.
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_17.jpg)
Digital signature
In 2002, the Law of the Russian Federation "On digital signature" was adopted, which became the legislative basis for electronic document management in Russia. According to this law, an electronic digital signature in an electronic document is recognized as legally equivalent to a signature in a paper document.
When registering a digital signature in specialized centers, the correspondent receives two keys: secret and public. The secret key is stored on a floppy disk or smart card and should be known only to the correspondent himself. The public key must be available to all potential recipients of documents and is usually distributed via email.
The process of electronic signing of a document consists in processing the text of the message using a secret key. Next, the encrypted message is sent by e-mail to the subscriber. The subscriber uses the public key to authenticate the message and the electronic signature.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_18.jpg)
The computer air defense system of the North American continent once declared a false nuclear alarm, putting the armed forces on alert. And the cause was a defective 46-cent chip - a small, coin-sized silicon element.
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_19.jpg)
Examples of errors when working with information
In 1983, a flood occurred in the southwestern United States. The cause was a computer into which incorrect weather data had been entered, as a result of which it gave an erroneous signal to the locks blocking the Colorado River.
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_20.jpg)
Examples of errors when working with information
In 1971, 352 cars disappeared from the New York Railroad. The criminal took advantage of the information of the computer center that manages the operation of the railway and changed the destination addresses of the wagons. The damage caused amounted to more than a million dollars.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_21.jpg)
Incorrect work of users and maintenance personnel
80-90% of information security threats to large companies come from the "internal enemy": careless users who can, for example, download a file with a virus from the network.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_22.jpg)
Technical failures of equipment
Cabling Disruption Prevention
Power failure protection
Disk Failure Prevention
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_23.jpg)
Unauthorized access from outside
"Hacker" is an English word that denotes an individual who takes pleasure in learning the details of the functioning of computer systems and in expanding the capabilities of these systems (as opposed to most users, who prefer to know only the necessary minimum).
Information security professionals:
- hackers
- crackers
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_24.jpg)
The main task of a hacker is to investigate the protection, to discover weak spots in the security system and inform users and developers about them in order to eliminate the vulnerabilities found and increase the level of protection.
Crackers carry out "hacking" of the system in order to obtain unauthorized access to information resources and systems closed to them.
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_25.jpg)
Crackers
- vandals: penetration into the system with the aim of its complete destruction;
- jokers: notoriety gained by infiltrating the system;
- crackers: hacking the system in order to gain profit by stealing or replacing information.
Internet information protection
If a computer is connected to the Internet, then in principle any user also connected to the Internet can access the information resources of this computer. If the server has an Internet connection and simultaneously serves as a local network server (Intranet server), then unauthorized access from the Internet to the local network is possible.
The mechanisms for penetration from the Internet to a local computer and to a local network can be different:
- Web pages loaded into the browser may contain active ActiveX controls or Java applets that can perform destructive actions on the local computer;
- some Web servers place text cookies on the local computer that can be used to obtain confidential information about the user of the local computer;
- using special utilities, you can access disks and files on the local computer, etc.
To prevent this from happening, a software or hardware barrier, a firewall, is installed between the Internet and the Intranet. The firewall monitors the transfer of data between networks, monitors current connections, detects suspicious activity and thereby prevents unauthorized access from the Internet to the local network.
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_27.jpg)
Firewall
A firewall is a software and/or hardware barrier between two networks that allows only authorized connections to be established.
The firewall protects a local area network connected to the Internet or a separate personal computer from outside penetration and excludes the possibility of access to confidential information.
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_28.jpg)
Protection of programs from illegal copying and use
Computer pirates, by illegally replicating software, devalue the work of programmers and make software development an economically unprofitable business. In addition, software pirates often offer users unfinished programs, programs with errors, or their demo versions.
For computer software to function, it must be installed. The software is distributed by manufacturers in the form of distribution kits on CD-ROM. Each distribution has its own serial number, which prevents illegal copying and installation of programs.
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_29.jpg)
Special protections can be used to prevent illegal copying of programs and data stored on the CD-ROM. The CD-ROM may contain an encrypted software key, which is lost during copying and without which the program cannot be installed.
Protection against illegal use of programs can be implemented using a hardware key, which is usually attached to the computer's parallel port. The protected application accesses the parallel port and requests a secret code; if the hardware key is not connected to the computer, the protected application detects a protection violation and stops its execution.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_30.jpg)
- Berne Convention for the Protection of Literary and Artistic Works 1886
- World Copyright Convention 1952
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_31.jpg)
- Constitution of the Russian Federation Art. 44.
- Civil Code of the Russian Federation.
- Copyright and Related Rights Act 1993
- Law of the Russian Federation "On the legal protection of computer programs and databases" 1992.
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_32.jpg)
- Latin letter C inside a circle ©,
- The name of the owner of the exclusive copyright,
- Date of first publication.
© 1993-1997 Microsoft Corporation
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_33.jpg)
- copyright,
- Right to a name
- The right to publish
- The right to protect reputation.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_34.jpg)
If the programs are created in the performance of official duties or on the instructions of the employer, then they belong to the employer, unless otherwise provided in the contract between him and the author.
Extract from the Criminal Code of the Russian Federation
Chapter 28. Crimes in the field of computer information
Article 272. Illegal access to computer information.
1. Illegal access to computer information protected by law, that is, information on a machine carrier, in an electronic computer (ECM), if this act caused the destruction, blocking, modification or copying of information, or disruption of the computer, shall be punished by
- a fine of two hundred to five hundred times the minimum wage
- or in the amount of the wages or other income of the convicted person for a period of two to five months,
- or correctional labor for a term of six months to one year,
- or imprisonment for up to two years.
2. The same act committed by a group of persons by prior agreement or by an organized group, or by a person using his official position, as well as having access to a computer, a computer system or their network, is punishable by compulsory works for a term of one hundred and eighty to two hundred and forty hours, or by corrective labor for a term of up to two years, or by arrest for a term of three to six months, or by deprivation of liberty for a term of up to five years.
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_36.jpg)
Article 273. Creation, use and distribution of malicious programs for computers
Creating computer programs or making changes to existing programs that knowingly lead to unauthorized destruction, blocking, modification or copying of information, disruption of the computer, as well as the use or distribution of such programs or machine media with such programs, is punishable.
- imprisonment for up to three years with a fine in the amount of two hundred to five hundred times the minimum wage
- or in the amount of wages or other income of the convicted person for a period of two to five months. The same acts that caused grave consequences - are punishable by imprisonment for a term of three to seven years.
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_37.jpg)
Article 274
1. Violation of the rules for the operation of a computer by a person who has access to a computer, resulting in the destruction, blocking or modification of computer information protected by law, if this act caused significant harm, shall be punished
- deprivation of the right to hold certain positions or engage in certain activities for up to five years,
- or compulsory works for a period of one hundred and eighty to two hundred and forty hours,
- or restraint of liberty for up to two years.
2. The same act, negligently entailing grave consequences, is punishable by deprivation of liberty for a term of up to four years.
![](https://i2.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_38.jpg)
- By fingerprints
- By the characteristics of speech
- By the geometry of the palms of the hands,
- By face,
- By the iris of the eye.
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_39.jpg)
INFORMATION PROTECTION
It was announced in 1988 by the Computer Hardware Association to once again remind all users of the need to maintain the protection of their computers and the information stored on them.
In that year, the Morris worm attacked computers for the first time, as a result of which 6,000 nodes of the Internet's predecessor, the ARPANET, were infected. This attack caused $96 million in damages. The author of this virus might not have been found, but Robert Morris, a graduate student at Cornell University, was forced to confess by his own father. Morris received 3 years of probation and 400 hours of community service. In addition, he paid a $10,500 fine. Since in 1988 it was the first mass epidemic that hit computers, experts began to seriously think about an integrated approach to ensuring the security of information resources.
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_40.jpg)
What is the best way to choose components for a password?
- Do not use a password that is a dictionary word.
- If possible, punctuation marks can be used.
- You can use lowercase and uppercase characters, as well as numbers from 0 to 9.
- The optimal length for a password is from 8 to 10 characters (digits or letters).
- Use the last characters from a list of numbers, characters, or the alphabet.
- Beware of interceptor programs.
![](https://i1.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_41.jpg)
“If you don’t report the data within a week, you will be blocked”
"If you want to protect yourself from phishing, follow this link and enter your username and password"
Phishing is a type of Internet fraud, the purpose of which is to obtain users' identification data.
![](https://i0.wp.com/fsd.kopilkaurokov.ru/uploads/user_file_56fd5cd6de962/img_user_file_56fd5cd6de962_42.jpg)
- How can I fix my copyright on a software product?
- Why is software piracy damaging to society?
- What are the software and hardware ways to protect information?
![](https://i1.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img1.jpg)
The official policy of the state in the field of information security is expressed in the Doctrine of Information Security of the Russian Federation (Order of the President dated September 9, 2000 No. Pr-1895). It expresses a set of official views on the goals, objectives, principles and main directions of ensuring the information security of the Russian Federation and serves as the basis for:
- Formation of state policy in the field of information security of the Russian Federation
- Preparation of proposals for improving the legal, methodological, scientific, technical and organizational support of information security of the Russian Federation
- Development of targeted programs for ensuring information security of the Russian Federation
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img2.jpg)
Information security is the state of protection of the subjects of the Russian Federation in the information sphere, reflecting the totality of balanced interests of the individual, society and the state.
At the individual level: implementation of the constitutional rights of a person and a citizen to access to information, to use information in the interests of carrying out activities not prohibited by law, physical, spiritual and intellectual development, as well as to protect information that ensures personal security.
At the level of society, we are talking about ensuring the interests of the individual in this area, strengthening democracy, creating a state of law, achieving and maintaining public consent in the spiritual renewal of Russia.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img3.jpg)
A security threat is an action or event that can lead to the destruction, distortion or unauthorized use of computer resources, including stored, transmitted and processed information, as well as software and hardware.
Types of threats:
- accidental (or unintentional)
- deliberate
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img4.jpg)
The main means of protecting computer data:
- protection of hardware components of the computer;
- protection of communication lines;
- database protection;
- protection of the computer control subsystem.
![](https://i2.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img5.jpg)
Protection system - a set of tools and techniques that protect computer components and help minimize the risk to which its resources and users may be exposed.
There are various security mechanisms:
- encryption;
- digital (electronic) signature;
- access control;
- ensuring data integrity;
- providing authentication;
- traffic substitution;
- routing control;
- arbitration (or examination).
![](https://i2.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img6.jpg)
Encryption (cryptographic protection) is used to implement the encryption service and is used in a number of different services.
Encryption can be:
- symmetric: based on using the same secret key for encryption and decryption.
- asymmetric: one key, which is publicly available, is used for encryption, and another, which is secret, is used for decryption. Knowledge of the public key does not make it possible to determine the secret key.
Implementing the encryption mechanism requires organizing a special service for generating keys and distributing them among network subscribers.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img7.jpg)
Digital signature mechanisms are used to implement authentication and non-repudiation services. These mechanisms are based on asymmetric encryption algorithms and include two procedures:
- formation of the signature by the sender
- its identification (verification) by the recipient.
The first procedure encrypts the data block or supplements it with a cryptographic checksum; in both cases the secret key of the sender is used.
The second procedure is based on the use of a public key, the knowledge of which is sufficient to identify the sender.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img8.jpg)
Access control mechanisms check the authority of network objects (programs and users) to access its resources.
When accessing a resource through a connection, control is performed both at the exchange initialization point and at the end point, as well as at intermediate points.
These mechanisms are based on the matrix of access rights and various options for its implementation. Mandatory lists include security labels assigned to objects that give the right to use a resource.
Another type includes lists of access rights based on object authentication and subsequent verification of its rights in special tables (access control databases) that exist for each resource.
![](https://i1.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img9.jpg)
Integrity mechanisms apply both to individual data blocks and to information flows.
Integrity is ensured by the execution of interconnected encryption and decryption procedures by the sender and recipient, followed by a comparison of cryptographic checksums.
However, to protect against substitution of a block as a whole, it is necessary to control the integrity of the data stream, which can be implemented, for example, by encryption using keys that change depending on the previous blocks. It is also possible to use simpler methods, such as numbering blocks or supplementing them with a timestamp.
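The stream-integrity idea above, as an added example that is not part of the original slides: each block is numbered and its checksum depends on the previous block's checksum. HMAC-SHA-256 stands in for the encryption-based checksum the slide describes; the function names and sample messages are constructed for illustration.

```python
import hashlib
import hmac

ZERO = bytes(32)  # start value of the chain (SHA-256 tag length)

def _tag(key, seq, prev_tag, payload):
    # Keyed checksum over block number, previous tag and payload.
    return hmac.new(key, seq.to_bytes(8, "big") + prev_tag + payload,
                    hashlib.sha256).digest()

def protect_stream(key, blocks, chained=True):
    """Sender: number each block; optionally chain its tag to the previous one."""
    prev, out = ZERO, []
    for seq, payload in enumerate(blocks):
        tag = _tag(key, seq, prev, payload)
        out.append((seq, payload, tag))
        if chained:
            prev = tag
    return out

def verify_stream(key, received, chained=True):
    """Recipient: recompute each tag and return (ok, reason) for the first fault."""
    prev = ZERO
    for expected, (seq, payload, tag) in enumerate(received):
        if seq != expected:
            return False, f"position {expected}: block number {seq}"
        if not hmac.compare_digest(_tag(key, seq, prev, payload), tag):
            return False, f"block {seq}: checksum mismatch"
        if chained:
            prev = tag
    return True, "stream intact"

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    msgs_a = [b"open session A", b"transfer 20", b"close"]    # constructed
    msgs_b = [b"open session B", b"transfer 9000", b"close"]  # constructed
    a, b = protect_stream(key, msgs_a), protect_stream(key, msgs_b)
    cases = {
        "intact": a,
        "modified": [a[0], (1, b"transfer 99", a[1][2]), a[2]],
        "reordered": [a[1], a[0], a[2]],
        "replayed": [a[0], a[1], a[1]],
        "swapped": [a[0], b[1], a[2]],  # whole valid block from another stream
    }
    results = {name: verify_stream(key, s)[0] for name, s in cases.items()}
    # Numbering alone (no chaining) accepts the cross-stream swap.
    a2 = protect_stream(key, msgs_a, chained=False)
    b2 = protect_stream(key, msgs_b, chained=False)
    results["swapped_unchained"] = verify_stream(
        key, [a2[0], b2[1], a2[2]], chained=False)[0]
    return results

if __name__ == "__main__":
    print(demo())
```

This check does not notice blocks cut off the end of the stream; the recipient also needs a known block count or a final marker.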
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img10.jpg)
Authentication mechanisms provide one-way and mutual authentication.
In practice, these mechanisms are combined with encryption, digital signature, and arbitration.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img11.jpg)
Traffic substitution, in other words the text padding mechanism, is used to implement the data stream encryption service.
They are based on the generation of fictitious blocks by network objects, their encryption and organization of transmission over network channels.
This neutralizes the possibility of obtaining information about network users by observing the external characteristics of the flows circulating in the network.
![](https://i1.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img12.jpg)
Sources of accidental threats that occur during computer operation may be software errors, hardware failures, incorrect actions of users, operators or system administrators, etc.
![](https://i2.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img13.jpg)
Intentional threats pursue certain goals related to causing damage to users (subscribers) of the network.
Types of deliberate threats:
- Active
- Passive
![](https://i1.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img14.jpg)
Active intrusions disrupt the normal functioning of a computer and make unauthorized changes to information flows and to stored and processed information. These threats are implemented through a targeted impact on its hardware, software and information resources.
Active attacks include:
- destruction or electronic suppression of communication lines,
- disabling the entire system connected to the network, or its operating system,
- distortion of information in user databases or system data structures, etc.
The information stored in the computer memory can be selectively modified or destroyed, and false data can be added to it.
Active intrusions are easy to detect, but difficult to prevent.
![](https://i0.wp.com/fhd.multiurok.ru/0/d/2/0d21d8a56bc1878a2f6fe59c31dc1ba419ad8912/img15.jpg)
With a passive intrusion, the attacker only observes the passage and processing of information without intruding into information flows.
These intrusions, as a rule, are aimed at the unauthorized use of computer information resources without affecting its functioning. A passive threat is, for example, receiving information transmitted over communication channels by listening to them.
In this case, the intruder analyzes the message flow (traffic) and records identifiers, destinations, message length, and the frequency and time of exchanges.
Completed by: student group 23 Gubanova E. Ya. Checked by: Turusinova I. P. Yoshkar-Ola, 2015
Description of the presentation on individual slides:
1 slide
Description of the slide:
Subject: Protection against unauthorized access to information. KEI HE "Evening (shift) general education school No. 2" in Ustyuzhna. Completed by: Shcheglova L.A.
2 slide
Basic concepts. Information security is a set of measures aimed at ensuring information security. Information security is the protection of the integrity, availability and confidentiality of information.
- Availability: the ability to receive the required information service in a reasonable time.
- Integrity: the relevance and consistency of information, its protection from destruction and unauthorized changes.
- Confidentiality: protection against unauthorized access to information.
3 slide
Information security is the state of security of the information environment. In computing, the concept of security implies the reliability of a computer, the safety of valuable data, the protection of information from changes by unauthorized persons, the preservation of the secrecy of correspondence in electronic communications. In all civilized countries, there are laws for the safety of citizens; information is protected by the federal law dated July 27, 2006 N 149-FZ "On information, information technology and information protection" (with amendments and additions), but still the reliability of computer systems largely relies on self-protection measures.
4 slide
Unauthorized access. Unauthorized access means actions that violate the established access procedure or the access control rules: access to programs and data obtained by subscribers who have not been registered and do not have the right to view or work with these resources. Access control is implemented to prevent unauthorized access.
5 slide
Password protection. Passwords are used to protect programs and data stored on your computer from unauthorized access. The computer allows access to its resources only to those users who are registered and have entered the correct password. Each specific user may be allowed access only to certain information resources. In this case, all unauthorized access attempts can be logged.
6 slide
Password protection is used when booting the operating system. Password login can be set in the BIOS Setup program; the computer will not boot the operating system unless the correct password is entered. It is not easy to overcome such protection.
7 slide
Every disk, every folder, every file of the local computer can be protected from unauthorized access. Certain access rights can be set for them - full access, the ability to make changes, read only, write, etc. The rights can be different for different users.
8 slide
What is a password? "A password is a secret set of various characters that allows you to identify a legitimate user and his rights to work in a computer system." The general idea is this: the best password is a random and meaningless set of characters. Keep your password in a safe place. Change passwords regularly. This can mislead attackers. The stronger the password, the longer you can use it. A password of 8 or fewer characters can be used for a week, while a combination of 14 or more characters can last for several years.
9 slide
Biometric security systems. Biometric identification systems are now increasingly used to protect against unauthorized access to information. Biometric identification is a method of identifying a person by individual, specific biometric features (identifiers) inherent in that particular person. Biometric identification methods are divided into two groups:
Static methods:
- by fingerprints;
- by the geometry of the palm of the hand;
- by the iris of the eye;
- by the image of the face.
Dynamic methods:
- by handwriting. This technology is becoming a very popular alternative to the handwritten signature. The dynamic signs of writing are analyzed: the degree of pressure and the speed of writing;
- by voice. An identification code is built by voice, as a rule from various combinations of frequency and statistical characteristics of the voice.
10 slide
Fingerprint identification. Optical fingerprint scanners are installed on laptops, mice, keyboards and flash drives, and are also used as separate external devices and terminals (for example, in airports and banks). If the fingerprint pattern does not match the pattern of the user admitted to the information, then access to the information is impossible.
11 slide
Identification by the palm of the hand. In biometrics, for identification purposes, the simple geometry of the hand is used: the size and shape, as well as some information signs on the back of the hand (images on the folds between the phalanges of the fingers, patterns of the location of blood vessels). Fingerprint identification scanners are installed at some airports, banks and nuclear power plants.
12 slide
Iris identification. For iris identification, special scanners connected to a computer are used. The iris of the eye is a unique biometric characteristic for each person. The image of the eye is extracted from the image of the face and a special mask of barcodes is superimposed on it. The result is a matrix, individual for each person.
13 slide
Facial identification. Facial recognition technologies are often used to identify a person. Recognition of a person occurs at a distance. Identification features take into account the shape of the face, its color, as well as the color of the hair. New international passports are now beginning to be issued, with a digital photograph of the owner stored in their microchip. Important features also include the coordinates of facial points in places corresponding to a change in contrast (eyebrows, eyes, nose, ears, mouth and oval).
14 slide
Until recently, it was believed that the most reliable method of biometric identification and authentication of a person is a method based on scanning the retina. It contains the best features of identification by the iris and by the veins of the hand. The scanner reads the pattern of capillaries on the surface of the retina. The retina has a fixed structure that does not change over time, except as a result of an eye disease, such as cataracts. Unfortunately, a number of difficulties arise when using this biometric method. The scanner here is a very complex optical system, and a person must stay still for a considerable time while the system is being aimed, which causes discomfort.
15 slide
Dynamic identification methods: by handwriting. Biometric equipment manufacturers are trying to create reliable face identification systems using dynamic features. The additional hardware of such systems is cheaper than fingerprint or iris scanners. Personal identification systems based on the dynamics of reproducing handwritten passwords (signatures) are very convenient and promising in their class.