Methods and means of protecting computer information are a combination of various measures, hardware and software, moral and ethical and legal standards, which are aimed at countering the threats of intruders and minimizing possible damage to system owners and users of information.
Consider the following varieties of traditional measures to counter the leakage of information from a computer.
Technical methods and means of information protection
These include:
- protection against unauthorized access to a computer system;
- backup of all important computer subsystems;
- networking with the subsequent ability to reallocate resources if there is a disruption in the performance of individual network links;
- installation of equipment for fire detection and extinguishing ;
- installation of equipment for water detection;
- adoption of a set of measures to protect against theft, sabotage, sabotage, explosions;
- installation of a backup power supply system;
- equipping the premises with locks;
- alarm installation, etc.
Organizational methods and means of information protection
These include:
- server protection;
- carefully organized recruitment;
- the exception of such cases when all especially important work is performed by one person;
- development of a plan on how to restore the server’s performance in a situation when it fails;
- universal protection against any user (even from top management).
Ways of unauthorized access to information
It is not enough to know the above methods and means of protecting information; you need to understand how unauthorized access to information can be made.
It should be noted that unauthorized access to important information can occur during repair or maintenance work with computers due to the fact that residual information on the media can be read, despite the fact that the user deleted it in a timely manner by the usual method. Another way is when the information is read from the medium if it is transported without protection.
The work of modern computers is based on integrated circuits, during the operation of which high-frequency changes in current and voltage levels are carried out. This leads to the fact that in the power circuits, nearby equipment, ether, etc. there are electromagnetic fields and interference, which with the help of some "spyware" technical means can be easily transformed into information that is being processed. In this case, the smaller the distance from the receiver of the attacker to the hardware, the greater the likelihood that it will be possible to remove and decrypt the information. Familiarization with the information, which is unauthorized, is also possible due to the direct connection by the attacker of “spy” means to network equipment and communication channels.
Methods and methods of information protection: authentication and identification
Identification is the assignment of a unique image or name to a subject or object. And authentication is a test of whether the subject / object is who it is trying to impersonate. The ultimate goal of both measures is the admission of the subject / object to the information that is in limited use or the refusal of such admission. The authenticity of the object can be carried out by a program, a hardware device or by a person. The objects / subjects of authentication and identification can be: technical means (workstations, monitors, subscriber stations), people (operators, users), information on the monitor, magnetic media, etc.
Methods and means of information protection: using passwords
A password is a collection of characters (letters, numbers, etc.) that is designed to define an object / subject. When it comes to the question of which password to choose and set, the question always arises of its size, the method of applying resistance to the selection by an attacker. It is logical that the longer the password, the higher the level of security it will provide to the system, since it will take much more effort to guess / pick a combination.
But even if the password is reliable, it should be periodically changed to a new one in order to reduce the risk of its interception during direct theft of the media or removal of a copy from the media or by forcibly forcing the user to say a “magic” word.