
Presentation on the topic of information security. Protection of personal information

Data protection

Slides: 16 Words: 724 Sounds: 0 Effects: 14

Information. Association. protection. The main activities of AZI are determined by the capabilities of AZI enterprises: Comprehensive protection of information resources of corporate systems. Result: Creation of secure AS, including the management of an integrated information security system. The use of cryptographic means. Protection of information from leakage through technical channels. Supply of complex systems and means of information security. Supply of secure computing facilities. Independent audit of information security of informatization objects. Conducting R&D. - Information protection.ppt

Information security project

Slides: 5 Words: 352 Sounds: 0 Effects: 0

Project name: Protecting information from malware. SUBJECT AREA: Informatics and ICT PARTICIPANTS: 10th grade students Project planning. PROJECT PROGRAM PROJECT EDUCATIONAL ENVIRONMENT EXAMPLES OF PROJECTS. Educational materials. Educational materials Guidelines Student guide. Assessment and standards. Evaluation criteria Examples of evaluation. - Information Security Project.ppt

Legal protection of information

Slides: 17 Words: 522 Sounds: 0 Effects: 48

Legal protection of programs and data. Data protection. The presentation was prepared by Ekaterina Smoleva, a student of class 11 "a" of the Obyachevskaya secondary school. Legal protection of information. When registering an electronic digital signature in specialized centers, the correspondent receives two keys: Secret. Open. The secret key is stored on a floppy disk or smart card and is known only to the correspondent. The public key must be held by all potential recipients of documents. Usually sent by email. When protecting against copying, various measures are used: organizational, legal, physical, on the Internet. - Legal protection of information.pptx

Legal protection of information

Slides: 14 Words: 619 Sounds: 0 Effects: 63

RUSSIAN ACADEMY OF JUSTICE Department of legal informatics, information law and mathematics. Legal Computer Science. Information technology. Electronic state (E-government). Examples of the use of electronic means in public administration: The main directions of the use of information and computer technologies in the legal sphere: State automated system "Justice". Situational centers. Technical equipment of the situation center. The main element is the screen of collective use. - Legal protection of information.ppt

Informatics "Information Security"

Slides: 29 Words: 1143 Sounds: 0 Effects: 10

Under the search for information understand. Channel feedback in a closed information system. Search for all excellent students in computer science. What search methods do you know. Data protection. GOST of basic terms and definitions in the field of protection. What information is protected. digital information. What are the main types of threats for digital information. What definition of information security is given in GOST. What impact is called unauthorized. What impact is called unintended. What you need to do to be calm for the information in your personal PC. - Informatics "Information Protection".pptx

Protection against unauthorized access

Slides: 10 Words: 640 Sounds: 0 Effects: 11

Protection of information from unauthorized access. PROTECTION AGAINST UNAUTHORIZED ACCESS. Terms related to protection against unauthorized access. Private means of copy protection are dongles, passwords, etc. Types of information protection means. Firewall. Antiviruses. Scanner is a program that checks files for viruses. State regulation of relations in the field of information security in the Russian Federation. Informatics basic course, edited by S.V. Simonovich. - Protection against unauthorized access.ppt

Protection of information from unauthorized access

Slides: 20 Words: 480 Sounds: 0 Effects: 99

Computer crime and security. Types of computer crimes. Unauthorized access to information. Entering logic bombs. Development and distribution of viruses. Criminal negligence in development. Counterfeiting computer information. Theft of computer information. There are many measures aimed at crime prevention: Technical Organizational Legal. Prevention of computer crimes. Technical. Organizational. Legal. Classification of failures and violations: Equipment failures. Loss of information due to incorrect software operation. - Protection of information from unauthorized access.pps

Computer protection

Slides: 46 Words: 3395 Sounds: 0 Effects: 4

Data protection. Protection against unauthorized access to information. Password protection. Biometric security systems. Physical protection of data on disks. Malware protection. Malicious and antivirus programs. Confidentiality. Integrity. Availability. Safety. Unauthorized access. Access control is implemented to prevent unauthorized access. It is not easy to overcome such protection. The rights may be different for different users. Fingerprint identification. Identification by characteristics of speech. Iris identification. - Computer protection.ppt

Computer protection

Slides: 30 Words: 924 Sounds: 0 Effects: 121

Research objectives: The study of scientific, educational literature on the subject under study. Systematization and generalization of the experience of work on this problem. Contents of the work: introduction; three chapters; conclusion; application; bibliography; presentation. Areas of work: Computer criminals, virology on a global scale. Methods and methods of protection against computer crimes in the world. The state of hardware and software, methods of protection against viruses at the enterprises of Pokachi. Illegal access to legally protected computer information. Classification of computer crimes: - Computer protection.ppt

Protecting information on a computer

Slides: 36 Words: 1230 Sounds: 0 Effects: 0

Fundamentals of information security. Information. Laws governing the work with information. About the mass media. Computer threats. Your computer, what it can tell you about you. Internet travel history. Protecting a "personal" computer outside the network. Protecting a "common" computer outside the network. Reliable power supply. Backup information. Reliability of storage media. Protecting Word documents. Computer viruses. Types of computer viruses. boot virus. file virus. Macro viruses. network viruses. Types of viruses. Signs of infection. Polyphages. - Protection of information on the computer.ppt

Internet information protection

Slides: 25 Words: 2504 Sounds: 0 Effects: 0

Data protection. The concept and definition of information. The growth of the amount of information. Disclosure of information confidentiality. Types of protection of the computer network of the information system. Hardware aspects of information security. Security system requirements. Overview of methods for accessing network information and its modification. The need to protect information. Modification of the "logic bomb" type. Trojan horse modification. Hardware aspects of information security. Ensuring data persistence at the user level. Applying the copy operation. Protection of information in case of unstable power supply. - Protection of information on the Internet.ppt

Information protection in computer networks

Slides: 13 Words: 718 Sounds: 0 Effects: 0

Information protection in computer networks. Means of information protection. Means of protecting information from unauthorized access. Passwords. Password login. Malware. Antivirus programs. Signature. Biometric security systems. Fingerprint identification. Identification by characteristics of speech. Iris identification. Identification by the palm of the hand. - Information protection in computer networks.ppt

Protection of personal information

Slides: 35 Words: 1498 Sounds: 0 Effects: 0

Practical aspects of personal data protection for telecom operators. Part 1 Legislation on the protection of personal data. Abbreviations used. Basic concepts of the Federal Law "On Personal Data". Legislative and normative base in the field of PD. Documents developed on the basis of the Federal Law "On Personal Data". Changes in legislative framework in the field of PD. A large number of changes are being prepared to the Federal Law “On Personal Data” Issues of collecting consents for processing Issues of forming requirements for the protection of personal data. Possibly legalized. industry standards for the protection of personal data Changes to the consent form for processing. - Protection of personal data.ppt

Personal data and its protection

Slides: 14 Words: 688 Sounds: 0 Effects: 0

What is personal data? Legal regulation. Protection of personal information. A set of measures to ensure the protection of personal data. Technical measures to protect personal data involve the use of software and hardware information protection. Personal data operator - government agency, municipal authority, legal or physical. a person organizing and (or) carrying out PD processing, as well as determining the purposes and content of PD processing. Who is a PD operator? The main provisions of the Law "On Personal Data". Requirements to information systems personal data. - Personal data and its protection.pptx

Processing and protection of personal data

Slides: 18 Words: 684 Sounds: 0 Effects: 0

Principles of secure processing of personal data of customers. Letter of the law. Categories. Roskomnadzor checks. Responsibility. Domain. Consent to processing. Instruction package. Agreement with courier service. Means of protection. Recipes for success. A complex approach. Confidence. Certificate. Certificate in the browser. EV category certificates. - Processing and protection of personal data.ppt

Features of personal data protection

Slides: 26 Words: 1144 Sounds: 0 Effects: 7

Features of personal data protection. Russian business. Small and medium business. Some statistics. Heterogeneity. Problem segments of SMEs. Statistics. Personal Information. Risk analysis. Probability of checks. Scheduled checks. Plan for some checks. The attitude of the SMB is still wary. Ways of organization. The generality of the organization of information protection. Building a protection system. Key requirements. Problematic issues of practical implementation. Means of preventing unauthorized access. Means of information protection. Budget. Building a personal data protection system. -

INFORMATION PROTECTION


Data protection is a set of measures aimed at ensuring information security.


Why is there a need to protect information

The problem of protecting information from unauthorized access has become particularly acute with the widespread use of local and, especially, global computer networks.

Often the damage is caused due to elementary user errors that accidentally corrupt or delete vital data.


Why protect information?

Information circulating in control and communication systems can cause large-scale accidents, military conflicts, disruption of the activities of scientific centers and laboratories, and the bankruptcy of commercial organizations. Therefore, information must be protected from distortion, loss, leakage and illegal use.


Type of protection

Protection methods

From hardware failures

From accidental loss or distortion of information stored in the computer

  • A request to confirm the execution of commands that modify files (for example, when replacing a file);

From computer viruses

Setting special attributes of documents and programs (read-only, hidden);

  • Archiving and backing up files
  • Preventive measures to reduce the likelihood of infection;

From unauthorized access to information (its use, modification, distribution)

Ability to undo an incorrect action or restore an erroneously deleted file;

Use of antivirus programs.

Encryption;

Differentiation of user access to PC resources.

Password protection;

"electronic locks";

administrative and law enforcement measures.


Automatic file backup

When using automatic backup programs, the command to save the file is automatically duplicated and the file is saved on two independent media, for example, on two hard drives. Failure of one of them does not lead to loss of information.

File backup is widely used, in particular in banking.



Types of computer crimes

  • Unauthorized access to information,
  • Entering logic bombs,
  • Development and distribution of viruses,
  • Criminal negligence in development,
  • Forgery of computer information,
  • Theft of computer information.

Measures preventing computer crimes

  • Technical
  • Organizational
  • Legal

The protection of information in computers should be considered as a set of measures, including organizational, technical, legal, software, operational, insurance, and even moral and ethical measures.


Technical measures

Protection against unauthorized access to the system

Redundancy of Critical Computer Subsystems

Organization of computer networks

Installation of fire fighting equipment

Equipping with locks and alarms.


Organizational arrangements

  • computer center security
  • careful selection of staff
  • availability of a recovery plan (after a failure),
  • universality of means of protection from all users.

Legal measures

  • Development of norms establishing responsibility for computer crimes;
  • Copyright protection of programmers;
  • Improvement of criminal and civil legislation.

"Legislation in the field of information"

10 basic laws, in which:

  • the basic terms and concepts are defined,
  • the dissemination of information is regulated,
  • copyright protection,
  • property and non-property relations.

Article 273 of the Criminal Code of the Russian Federation

  • Provides for criminal liability for the creation of computer programs or their modification, leading to unauthorized destruction.
  • Protects the rights of the owner.
  • Criminal liability arises from the creation of the program.
  • For prosecution, the mere fact of creating the programs is sufficient.

Legal protection of information is regulated by the laws of the Russian Federation

The legal protection provided by this law extends to all types of computer programs that can be expressed in any language and in any form, including source text in a programming language and machine code. But legal protection does not extend to the ideas and principles underlying the computer program, including the ideas and principles of interface and algorithm organization.


To give notice of his rights, the developer of the program may, starting from the first release of the program, use a copyright sign consisting of 3 elements:

  • the letter C in a circle or parentheses ©;
  • title (name) of the right holder;
  • year of the program's first release.

© 1993-1997 Microsoft Corporation.


An organization or a user who legally owns a copy of the program (who has purchased a license to use it) has the right, without obtaining additional permission from the developer, to carry out any actions related to the operation of the program, including its recording and storage in the computer memory. Recording and storage in the computer memory is allowed in relation to one computer or one user in the network, unless otherwise provided by the contract with the developer.

It is necessary to know and comply with existing laws prohibiting illegal copying and use of licensed software. In relation to organizations or users that infringe copyright, the developer may seek damages and compensation from the infringer in an amount determined at the discretion of the court from 5,000 times to 50,000 times the minimum monthly wage.


Digital signature

In 2002, the Law of the Russian Federation "On digital signature" was adopted, which became the legislative basis for electronic document management in Russia. According to this law, an electronic digital signature in an electronic document is recognized as legally equivalent to a signature in a paper document.

When registering a digital signature in specialized centers, the correspondent receives two keys: secret and public. The secret key is stored on a floppy disk or smart card and should be known only to the correspondent himself. The public key must be available to all potential recipients of documents and is usually distributed via email.

The process of electronic signing of a document consists in processing the text of the message using a secret key. Next, the encrypted message is sent by e-mail to the subscriber. The subscriber uses the public key to authenticate the message and the electronic signature.


The computer air defense system of the North American continent once declared a false nuclear alarm, putting the armed forces on alert. And the cause was a defective 46-cent chip - a small, coin-sized silicon element.


Examples of errors when working with information

In 1983, a flood occurred in the southwestern United States. The cause was a computer into which incorrect weather data had been entered, as a result of which it gave an erroneous signal to the floodgates blocking the Colorado River.



In 1971, 352 cars disappeared from the New York Railroad. The criminal took advantage of information from the computer center that manages the railway's operations and changed the destination addresses of the wagons. The damage caused amounted to more than a million dollars.


Incorrect work of users and maintenance personnel

80-90% of information security threats to large companies come from the "internal enemy": careless users who can, for example, download a file with a virus from the network.


Technical failures of equipment

Cabling Disruption Prevention

Power failure protection

Disk Failure Prevention


Unauthorized access from outside

"Hacker" is an English word that denotes an individual who takes pleasure in learning the details of the functioning of computer systems and in expanding the capabilities of these systems (as opposed to most users, who prefer to know only the necessary minimum).

Information security professionals:

  • hackers
  • crackers


The main task of a hacker is to investigate the protection, to discover weak spots in the security system and inform users and developers about them in order to eliminate the vulnerabilities found and increase the level of protection.

Crackers carry out "hacking" of the system in order to obtain unauthorized access to information resources and systems closed to them.


Crackers

  • vandals: penetration into the system with the aim of its complete destruction;
  • jokers: notoriety gained by infiltrating the system;
  • crackers: hacking the system in order to gain profit by stealing or replacing information.

Internet information protection

If a computer is connected to the Internet, then in principle any user also connected to the Internet can access the information resources of this computer. If the server has an Internet connection and simultaneously serves as a local network server (Intranet server), then unauthorized access from the Internet to the local network is possible.

The mechanisms for penetration from the Internet to a local computer and to a local network can be different:

  • Web pages loaded into the browser may contain active ActiveX controls or Java applets that can perform destructive actions on the local computer;
  • some Web servers place text cookies on the local computer that can be used to obtain confidential information about the user of the local computer;
  • using special utilities, you can access disks and files on the local computer, etc.

To prevent this from happening, a software or hardware barrier is installed between the Internet and the Intranet using a firewall. The firewall monitors the transfer of data between networks, monitors current connections, detects suspicious activity and thereby prevents unauthorized access from the Internet to the local network.


Firewall

A firewall is a software and/or hardware barrier between two networks that allows only authorized connections to be established.

The firewall protects a local area network connected to the Internet or a separate personal computer from outside penetration and excludes the possibility of access to confidential information.


Protection of programs from illegal copying and use

Computer pirates, illegally replicating software, devalue the work of programmers, make software development an economically unprofitable business. In addition, software pirates often offer users unfinished programs, programs with errors, or their demo versions.

For computer software to function, it must be installed. The software is distributed by manufacturers in the form of distribution kits on CD-ROM. Each distribution has its own serial number, which prevents illegal copying and installation of programs.


Special protections can be used to prevent illegal copying of programs and data stored on the CD-ROM. The CD-ROM may contain an encrypted software key, which is lost during copying and without which the program cannot be installed.

Protection against illegal use of programs can be implemented using a hardware key, which is usually attached to the computer's parallel port. The protected application accesses the parallel port and requests a secret code; if the hardware key is not connected to the computer, the protected application determines the situation of protection violation and stops its execution.


  • Berne Convention for the Protection of Literary and Artistic Works 1886
  • World Copyright Convention 1952

  • Constitution of the Russian Federation Art. 44.
  • Civil Code of the Russian Federation.
  • Copyright and Related Rights Act 1993
  • Law of the Russian Federation "On the legal protection of computer programs and databases" 1992.

  • Latin letter C inside a circle ©,
  • The name of the owner of the exclusive copyright,
  • Date of first publication.

© 1993-1997 Microsoft Corporation


  • copyright,
  • Right to a name
  • The right to publish
  • The right to protect reputation.

If the programs are created in the performance of official duties or on the instructions of the employer, then they belong to the employer, unless otherwise provided in the contract between him and the author.

Extract from the Criminal Code of the Russian Federation

Chapter 28. Crimes in the field of computer information

Article 272. Illegal access to computer information.

1. Illegal access to computer information protected by law, that is, information on a machine carrier, in an electronic computer (ECM), if this act caused the destruction, blocking, modification or copying of information, or disruption of the computer, shall be punished by:

  • a fine of two hundred to five hundred times the minimum wage,
  • or in the amount of the wages or other income of the convicted person for a period of two to five months,
  • or correctional labor for a term of six months to one year,
  • or imprisonment for up to two years.

2. The same act committed by a group of persons by prior agreement or by an organized group, or by a person using his official position, as well as having access to a computer, a computer system or their network, shall be punished by compulsory works for a term of one hundred and eighty to two hundred and forty hours, or by corrective labor for a term of up to two years, or by arrest for a term of three to six months, or by deprivation of liberty for a term of up to five years.


Article 273. Creation, use and distribution of malicious programs for computers

Creating computer programs or making changes to existing programs that knowingly lead to unauthorized destruction, blocking, modification or copying of information, disruption of the computer, as well as the use or distribution of such programs or machine media with such programs, is punishable by:

  • imprisonment for up to three years with a fine in the amount of two hundred to five hundred times the minimum wage
  • or in the amount of wages or other income of the convicted person for a period of two to five months.

The same acts that caused grave consequences are punishable by imprisonment for a term of three to seven years.

Article 274

1. Violation of the rules for the operation of a computer by a person who has access to a computer, resulting in the destruction, blocking or modification of computer information protected by law, if this act caused significant harm, shall be punished by:

  • deprivation of the right to hold certain positions or engage in certain activities for up to five years,
  • or compulsory works for a period of one hundred and eighty to two hundred and forty hours,
  • or restraint of liberty for up to two years.

2. The same act, negligently entailing grave consequences, is punishable by deprivation of liberty for a term of up to four years.


  • By fingerprints
  • According to the characteristics of speech
  • According to the geometry of the palms of the hands,
  • By face,
  • By the iris of the eye.

INFORMATION PROTECTION

It was announced in 1988 by the Computer Hardware Association to once again remind all users of the need to maintain the protection of their computers and the information stored on them.

In that year, the Morris worm attacked computers for the first time, as a result of which 6,000 nodes of the Internet's predecessor, the ARPANET, were infected. This attack caused $96 million in damages. The author of this virus might not have been found, but Robert Morris, a graduate student at Cornell University, was forced to confess by his own father. Morris received 3 years of probation and 400 hours of community service. In addition, he paid a $10,500 fine. Since in 1988 it was the first mass epidemic that hit computers, experts began to seriously think about an integrated approach to ensuring the security of information resources.


What is the best way to choose components for a password?

  • Do not use a password that is a dictionary word.
  • If possible, punctuation marks can be used.
  • You can use lowercase and uppercase characters, as well as numbers from 0 to 9.
  • The optimal password length is from 8 to 10 characters (digits or letters).
  • Use the last characters from a list of numbers, characters, or the alphabet.
  • Beware of interceptor programs.

“If you don’t report the data within a week, you will be blocked”

"If you want to protect yourself from phishing, follow this link and enter your username and password"

Phishing is a type of Internet fraud, the purpose of which is to obtain users' identification data.


  • How can I fix my copyright on a software product?
  • Why is software piracy damaging to society?
  • What are the software and hardware ways to protect information?

The official policy of the state in the field of information security is expressed in the Doctrine of information security of the Russian Federation (Order of the President dated September 9, 2000 No. Pr-1895). It expresses a set of official views on the goals, objectives, principles and main directions of ensuring the information security of the Russian Federation and serves as the basis for:

  • the formation of state policy in the field of information security of the Russian Federation;
  • the preparation of proposals for improving the legal, methodological, scientific, technical and organizational support of information security of the Russian Federation;
  • the development of targeted programs for ensuring information security of the Russian Federation.

Information security is the state of protection of the subjects of the Russian Federation in the information sphere, reflecting the totality of balanced interests of the individual, society and the state.

At the individual level, this means the implementation of the constitutional rights of a person and a citizen to access information, to use information in the interests of carrying out activities not prohibited by law, for physical, spiritual and intellectual development, as well as to protect information that ensures personal security.

At the level of society, we are talking about ensuring the interests of the individual in this area, strengthening democracy, creating a state of law, and achieving and maintaining public consent in the spiritual renewal of Russia.


A security threat is an action or event that can lead to the destruction, distortion or unauthorized use of computer resources, including stored, transmitted and processed information, as well as software and hardware.

Types of threats:

  • accidental (or unintentional)
  • deliberate

The main means of protecting computer data:

  • protection of hardware components of the computer;
  • protection of communication lines;
  • database protection;
  • protection of the computer control subsystem.

Protection system - a set of tools and techniques that protect computer components and help minimize the risk to which its resources and users may be exposed.

There are various security mechanisms:

  • encryption;
  • digital (electronic) signature;
  • access control;
  • ensuring data integrity;
  • providing authentication;
  • traffic substitution;
  • routing control;
  • arbitration (or examination).



Encryption (cryptographic protection) is used to implement the encryption service and is also used in a number of other services.

Encryption can be:

  • symmetric: based on using the same secret key for encryption and decryption;
  • asymmetric: one key, which is publicly available, is used for encryption, and another, which is secret, is used for decryption. Knowledge of the public key does not make it possible to determine the secret key.

To implement the encryption mechanism, a special service must be organized for generating keys and distributing them among network subscribers.


Digital signature mechanisms are used to implement authentication and non-repudiation services. These mechanisms are based on asymmetric encryption algorithms and include two procedures:

  • formation of the signature by the sender;
  • its identification (verification) by the recipient.

The first procedure provides for encryption of the data block or its supplementation with a cryptographic checksum; in both cases the secret key of the sender is used.

The second procedure is based on the use of a public key, the knowledge of which is sufficient to identify the sender.


Access control mechanisms check the authority of network objects (programs and users) to access its resources.

When accessing a resource through a connection, control is performed both at the exchange initialization point and at the end point, as well as at intermediate points.

The basis for the implementation of these mechanisms is the matrix of access rights and various options for its implementation. Mandatory lists include security labels assigned to objects that give the right to use a resource.

Another type includes lists of access rights based on object authentication and subsequent verification of its rights in special tables (access control databases) that exist for each resource.


Integrity mechanisms apply both to individual data blocks and to information flows.

Integrity is ensured by the execution of interconnected encryption and decryption procedures by the sender and recipient, followed by a comparison of cryptographic checksums.

However, to implement protection against substitution of the block as a whole, it is necessary to control the integrity of the data stream, which can be implemented, for example, by encryption using keys that change depending on the previous blocks. It is also possible to use simpler methods such as numbering blocks or supplementing them with the so-called stamp (mark) of time.
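The difference between checking each block on its own and controlling the integrity of the whole stream, as an added example that is not part of the original slides. It assumes HMAC-SHA256 as the cryptographic checksum and, instead of changing the key per block, chains each block's tag into the next one together with a block number; the key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, illustration only
BLOCKS = [b"PAY 100 TO ALICE", b"PAY 900 TO BOB", b"CLOSE SESSION"]  # constructed
INITIAL_TAG = b"\x00" * 32  # fixed chaining value for the first block


def tag_block(key, payload):
    """Checksum over one block in isolation (no numbering, no chaining)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def verify_independent(key, records):
    """Accept a list of (payload, tag) pairs if every tag matches its block."""
    return all(hmac.compare_digest(tag_block(key, p), t) for p, t in records)


def _chained_tag(key, prev_tag, seq, payload):
    # The tag covers the previous tag and the block number, so a block is
    # only valid at one position in one particular stream.
    return hmac.new(key, prev_tag + struct.pack(">Q", seq) + payload,
                    hashlib.sha256).digest()


def protect_stream(key, blocks):
    """Return (seq, payload, tag) records with numbered, chained tags."""
    records, prev_tag = [], INITIAL_TAG
    for seq, payload in enumerate(blocks):
        tag = _chained_tag(key, prev_tag, seq, payload)
        records.append((seq, payload, tag))
        prev_tag = tag
    return records


def verify_stream(key, records, expected_count=None):
    """Return (ok, index of the first bad or missing record, or None)."""
    prev_tag = INITIAL_TAG
    for expected_seq, (seq, payload, tag) in enumerate(records):
        good = _chained_tag(key, prev_tag, seq, payload)
        if seq != expected_seq or not hmac.compare_digest(good, tag):
            return False, expected_seq
        prev_tag = tag
    # Chaining alone cannot reveal blocks cut off the end of the stream;
    # the receiver needs the expected length from a trusted source.
    if expected_count is not None and len(records) != expected_count:
        return False, min(len(records), expected_count)
    return True, None


def demo():
    """Run the receiver-side checks over altered copies of the stream."""
    n = len(BLOCKS)
    weak = [(b, tag_block(KEY, b)) for b in BLOCKS]
    strong = protect_stream(KEY, BLOCKS)
    modified = list(strong)
    modified[1] = (1, b"PAY 900 TO EVE", strong[1][2])  # payload changed
    return {
        # Per-block checksums still verify after whole blocks are moved
        # or repeated, because each tag says nothing about position.
        "independent_reordered_accepted":
            verify_independent(KEY, [weak[1], weak[0], weak[2]]),
        "independent_repeated_accepted":
            verify_independent(KEY, weak + [weak[0]]),
        "chained_intact": verify_stream(KEY, strong, n),
        "chained_reordered":
            verify_stream(KEY, [strong[1], strong[0], strong[2]], n),
        "chained_modified": verify_stream(KEY, modified, n),
        "chained_truncated": verify_stream(KEY, strong[:2], n),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
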


Authentication mechanisms provide one-way and mutual authentication.

In practice, these mechanisms are combined with encryption, digital signature, and arbitration.


Traffic substitutions, in other words text padding mechanisms, are used to implement the data stream encryption service.

They are based on the generation of fictitious blocks by network objects, their encryption and organization of transmission over network channels.

This neutralizes the possibility of obtaining information about network users by observing the external characteristics of the flows circulating in the network.


The sources of random threats that arise during computer operation may be software errors, hardware failures, incorrect actions of users, operators or system administrators, etc.


Intentional threats pursue certain goals related to causing damage to users (subscribers) of the network.

Types of deliberate threats:

  • Active
  • Passive

Active invasions disrupt the normal functioning of a computer, make unauthorized changes to information flows, stored and processed information. These threats are implemented through a targeted impact on its hardware, software and information resources.

Active attacks include:

  • destruction or electronic suppression of communication lines,
  • disabling the entire system connected to the network, or its operating system,
  • distortion of information in user databases or system data structures, etc.

The information stored in the computer memory can be selectively modified or destroyed, and false data can be added to it.

Active intrusions are easy to detect, but difficult to prevent.


With a passive intrusion, the attacker only observes the passage and processing of information without intruding into information flows.

These intrusions, as a rule, are aimed at the unauthorized use of computer information resources without affecting the computer's functioning. A passive threat is, for example, obtaining information transmitted over communication channels by listening to them.

In this case, the intruder analyzes the message flow (traffic) and records identifiers, destinations, message length, and the frequency and time of exchanges.

slide 1

Completed by: student group 23 Gubanova E. Ya. Checked by: Turusinova I. P. Yoshkar-Ola, 2015

slide 2

Contents: Unauthorized access; Information security tools; Biometric security systems; Anti-malware methods; Data backup and recovery; Hacking tools and protection against them; Conclusion

slide 3

Unauthorized access. Unauthorized access means actions that violate the established access procedure or the rules of access differentiation: access to programs and data obtained by subscribers who have not been registered and do not have the right to view or work with these resources. Access control is implemented to prevent unauthorized access.

slide 4

Password protection. Passwords are used to protect programs and data stored on your computer from unauthorized access. The computer allows access to its resources only to those users who are registered and have entered the correct password. Each specific user may be allowed access only to certain information resources. In this case, all unauthorized access attempts can be logged.

slide 5

Password protection. Password protection is used when the operating system is booted. Password entry can be set in the BIOS Setup program; the computer will not boot the operating system unless the correct password is entered. It is not easy to overcome such protection. The following can be protected from unauthorized access: disks, folders and files of the local computer. Certain access rights can be set for them: full access, the ability to make changes, read only, write, etc.

slide 6

Information protection is an activity aimed at preventing information leakage, unauthorized and unintentional influences on information.

Slide 7

Slide 8

Information security tools. Information security tools are a set of engineering, electronic, and other devices used to solve various problems of information security, including preventing leakage and ensuring the security of protected information. Information security tools are divided into: technical (hardware) tools, software tools, and organizational tools.

Slide 9

Technical (hardware) means. These are devices of various types that solve information protection problems with hardware. They prevent physical penetration and access to information, including through its disguise. The first part of the task is solved by locks, bars on windows, security alarms, etc. The second part is solved by noise generators, network filters, scanning radios and many other devices that "block" potential information leakage channels or allow them to be detected.

slide 10

Software tools. Software tools include programs for user identification, access control, information encryption, deletion of residual information such as temporary files, test control of the protection system, etc.

slide 11

Organizational means. Organizational means consist of organizational and technical means (preparation of premises with computers, laying of a cable system, taking into account the requirements of restricting access to it, etc.) and organizational and legal means.

slide 12

Biometric security systems. Biometric identification systems are used to protect against unauthorized access to information. The characteristics used in these systems are inalienable qualities of a person's personality and therefore cannot be lost or forged. Biometric information security systems include identification systems: by fingerprints; by the characteristics of speech; by the iris of the eye; by the image of the face; by the geometry of the palm of the hand.

slide 13

Fingerprint identification. Optical fingerprint scanners are installed on laptops, mice, keyboards and flash drives, and are also used as separate external devices and terminals (for example, in airports and banks). If the fingerprint pattern does not match the pattern of the user admitted to the information, then access to the information is impossible.

slide 14

Identification by speech characteristics. Identification of a person by voice is one of the traditional ways of recognition; interest in this method is also associated with forecasts for the introduction of voice interfaces into operating systems. Voice identification is contactless, and there are systems for restricting access to information based on frequency analysis of speech.

slide 15

Iris identification. To identify the iris, special scanners connected to a computer are used. The iris of the eye is a unique biometric characteristic for each person. The eye image is extracted from the face image and a special barcode mask is superimposed on it. The result is a matrix, individual for each person.

slide 16

Facial identification. Facial recognition technologies are often used to identify a person. Recognition of a person occurs at a distance. Identification features take into account the shape of the face, its color, as well as the color of the hair. Important features also include the coordinates of facial points in places corresponding to a change in contrast (eyebrows, eyes, nose, ears, mouth and oval). At present, the issuance of new international passports is beginning, in the microchip of which a digital photograph of the owner is stored.

slide 17

Identification by the palm of the hand. In biometrics, for identification purposes, the simple geometry of the hand is used: the size and shape, as well as some information signs on the back of the hand (images on the folds between the phalanges of the fingers, patterns of the location of blood vessels). Fingerprint identification scanners are installed at some airports, banks and nuclear power plants.

slide 18

Other methods of identification:

  • use of habitoscopy (three-dimensional image of the face): Nvisage, developed by Cambridge Neurodynamics
  • EyeDentify's ICAM 2001 device, which measures the properties of the retina of the eye
  • eSign, a program for identifying a digital signature
  • identification by the structure and relative position of the blood vessels of the hand
  • the complex system "One-on-one Facial Recognition"

slide 19

Digital (electronic) signature. eSign is a signature identification program that uses a special digital pen and an electronic notepad to register a signature. During the registration process, eSign remembers not only the image of the signature itself, but also the dynamics of the movement of the pen. eSign analyzes a range of parameters, including the general features of a particular person's handwriting.

slide 20

Anti-malware methods. A malicious program (malware) is a program created with malicious intent. Antiviruses are used to protect against malware. The reasons viruses penetrate computers protected by an antivirus can be: the antivirus was disabled by the user; the anti-virus databases were too old; weak protection settings were set; the virus used an infection technology against which the antivirus had no means of protection; the virus entered the computer before the antivirus was installed and was able to neutralize the antivirus tool; it was a new virus for which anti-virus databases had not yet been released.

slide 21

Anti-virus programs. Modern anti-virus programs provide comprehensive protection of programs and data on the computer from all types of malicious programs and methods of their penetration into the computer: the Internet, the local network, email, removable storage media. The principle of operation of anti-virus programs is based on checking files, boot sectors of disks and random access memory, and searching them for known and new malware.

slide 22

Anti-virus programs. The anti-virus monitor starts automatically when the operating system starts. Its main task is to provide maximum protection against malware with minimal slowdown of the computer. The anti-virus scanner is launched according to a pre-selected schedule or at any time by the user. The anti-virus scanner searches for malware in the RAM, as well as on the hard and network drives of the computer.

slide 23

Data backup and recovery. Backup is the process of creating a copy of data on a medium designed to restore data to its original or new location in case of damage or destruction. Data recovery is the procedure for extracting information from a storage device when it cannot be read in the usual way.

slide 24

Hacker tools and protection against them. Network attacks on remote servers are implemented using special programs that send numerous requests to them. This causes the server to freeze if the resources of the attacked server are insufficient to process all incoming requests. Some hacking tools implement fatal network attacks. Such utilities use vulnerabilities in operating systems and applications and send specially crafted requests to attacked computers on the network. As a result, a special kind of network request causes a critical error in the attacked application, and the system stops working.

Protection against hacker attacks, network worms and Trojans. Protection of computer networks or individual computers from unauthorized access can be carried out using a firewall. The firewall allows you to: block hacker DoS attacks by preventing network packets from certain servers from passing to the protected computer; prevent network worms from penetrating the protected computer; prevent Trojan programs from sending confidential information about the user and the computer.

slide 28

Types and methods of information protection

Type of protection: from deliberate distortion, vandalism (computer viruses)
Method of protection: general methods of information protection; preventive measures; use of anti-virus programs

Type of protection: from unauthorized (illegal) access to information (its use, modification, distribution)
Method of protection: encryption; password protection; "electronic locks"; set of administrative and law enforcement measures

slide 29

Conclusion. I would like to hope that the system of information protection being created in the country and the formation of a set of measures for its implementation will not lead to irreversible consequences on the path of information and intellectual integration with the whole world that is emerging in Russia. Information today is expensive and must be protected. The mass use of personal computers, unfortunately, turned out to be associated with the emergence of self-reproducing virus programs that prevent the normal operation of the computer, destroy the file structure of disks and damage the information stored in the computer.

Description of the presentation on individual slides:

1 slide

Description of the slide:

Subject: Protection against unauthorized access to information KEI HE "Evening (shift) general education school No. 2" in Ustyuzhna Completed by: Shcheglova L.A.

2 slide

Basic concepts. Information security is a set of measures aimed at ensuring information security. Information security is the protection of the integrity, availability and confidentiality of information. Availability: the ability to receive the required information service in a reasonable time. Integrity: the relevance and consistency of information, its protection from destruction and unauthorized changes. Confidentiality: protection against unauthorized access to information.

3 slide

Information security is the state of security of the information environment. In computing, the concept of security implies the reliability of a computer, the safety of valuable data, the protection of information from changes by unauthorized persons, the preservation of the secrecy of correspondence in electronic communications. In all civilized countries, there are laws for the safety of citizens; information is protected by the federal law dated July 27, 2006 N 149-FZ "On information, information technology and information protection" (with amendments and additions), but still the reliability of computer systems largely relies on self-protection measures.

4 slide

Unauthorized access. Unauthorized access means actions that violate the established access procedure or the rules of access differentiation: access to programs and data obtained by subscribers who have not been registered and do not have the right to view or work with these resources. Access control is implemented to prevent unauthorized access.

5 slide

Password protection. Passwords are used to protect programs and data stored on your computer from unauthorized access. The computer allows access to its resources only to those users who are registered and have entered the correct password. Each specific user may be allowed access only to certain information resources. In this case, all unauthorized access attempts can be logged.

6 slide

Password protection is used when booting the operating system. Password entry can be set in the BIOS Setup program; the computer will not boot the operating system unless the correct password is entered. It is not easy to overcome such protection.

7 slide

Every disk, every folder, every file of the local computer can be protected from unauthorized access. Certain access rights can be set for them - full access, the ability to make changes, read only, write, etc. The rights can be different for different users.

8 slide

What is a password? "A password is a secret set of various characters that allows you to identify a legitimate user and his rights to work in a computer system." The general idea is this: the best password is a random and meaningless set of characters. Keep your password in a safe place. Change passwords regularly. This can mislead attackers. The stronger the password, the longer you can use it. A password of 8 or fewer characters can be used for a week, while a combination of 14 or more characters can last for several years.

9 slide

Biometric security systems. Currently, biometric identification systems are increasingly used to protect against unauthorized access to information. Biometric identification is a method of identifying a person by individual specific biometric features (identifiers) inherent in a particular person. Biometric identification methods are divided into two groups.

Static methods:

  • by fingerprints;
  • by the geometry of the palm of the hand;
  • by the iris of the eye;
  • by the image of the face.

Dynamic methods:

  • By handwriting. This technology is becoming a very popular alternative to signing by hand. The dynamic signs of writing are analyzed: the degree of pressure, the speed of writing.
  • By voice. An identification code built from the voice is, as a rule, some combination of the frequency and statistical characteristics of the voice.

10 slide

Fingerprint identification. Optical fingerprint scanners are installed on laptops, mice, keyboards and flash drives, and are also used as separate external devices and terminals (for example, in airports and banks). If the fingerprint pattern does not match the pattern of the user admitted to the information, then access to the information is impossible.

11 slide

Identification by the palm of the hand. In biometrics, for identification purposes, the simple geometry of the hand is used: the size and shape, as well as some information signs on the back of the hand (images on the folds between the phalanges of the fingers, patterns of the location of blood vessels). Fingerprint identification scanners are installed at some airports, banks and nuclear power plants.

12 slide

Iris identification. To identify the iris, special scanners connected to a computer are used. The iris of the eye is a unique biometric characteristic for each person. The image of the eye is extracted from the image of the face and a special mask of barcodes is superimposed on it. The result is a matrix, individual for each person.

13 slide

Facial identification. Facial recognition technologies are often used to identify a person. Recognition of a person occurs at a distance. Identification features take into account the shape of the face, its color, as well as the color of the hair. Currently, the issuance of new international passports is beginning, in the microchip of which a digital photograph of the owner is stored. Important features also include the coordinates of facial points in places corresponding to a change in contrast (eyebrows, eyes, nose, ears, mouth and oval).

14 slide

Until recently, it was believed that the most reliable method of biometric identification and authentication of a person is a method based on scanning the retina. It contains the best features of identification by the iris and by the veins of the hand. The scanner reads the pattern of capillaries on the surface of the retina. The retina has a fixed structure that does not change over time, except as a result of an eye disease, such as cataracts. Unfortunately, a number of difficulties arise when using this biometric method. The scanner here is a very complex optical system, and a person must remain still for a considerable time while the system is being aimed, which causes discomfort.

15 slide

Dynamic identification methods: by handwriting. Biometric equipment manufacturers are trying to create reliable face identification systems using dynamic features. The additional hardware of such systems is cheaper than fingerprint or iris scanners. Personal identification systems based on the dynamics of reproducing handwritten passwords (signatures) are very convenient and promising in their class.
