At the protection organisation it is necessary to consider the different rights and possibilities which each of the designated groups has. If with protection against extraneous people and users of system all is simple enough, C protection against abusings of managers and developers of business are much more difficult. From known means it is possible to recommend division of functions (for example to divide functions of the manager of system and the expert in safety of system) and conducting reports of work on devices with unitary record (WORM). Generally, if there is a necessity to build the system protected from managers and developers, it is necessary to address to experts in computer safety. However, in the considerable majority of cases there is enough protection against strangers and users.

What to do?

There are many variants of strengthening of safety of system. As the first step it is necessary to estimate the maximum losses from successful attack and to define, what expenses for safety strengthening will be comprehensible and sufficient. Proceeding from it it is necessary to select hardware, program and administrative means of strengthening of safety.

Restriction and access differentiation

It is conventional that any user should have access only to those resources which are necessary for it. All network environments have more or less developed means of restriction of access. A key problem at access differentiation is identification of the user.

Before any server of system will give access to the resources, he should understand, with whom deals. On the other hand, before handing over on any server the important information, the subscriber too wishes to be convinced that its data will be sent to destination.

Protection serves in the elementary variant for acknowledgement of powers of the client парольная. However in itself it is not panacea. The password can be intercepted by transfer on a network, to pick up, peep at a set etc. This problem dares use of additional means: чиповых cards or TOUCH MEMORY http://www.confident.ru/. At construction of systems with high degree of protection identification devices on biological parametres can be applied: on an eye retina, on a fingerprint or under the hand form. But all these methods mean possibility of physical contact to the detector. If it is impossible, following principles are applied: before transferring the password, it is necessary to establish the connection protected by enciphering of the traffic. It becomes as follows: at connection the server transfers to the client the open key, the client generates a confidential (symmetric) key, ciphers its open key and transfers to a server. Further all traffic, including a name and the password of the user, is transferred on a network in the ciphered kind. In this chain there is one more weak link - the user too should be convinced that deals with that server with which he wished to deal. Otherwise the situation when malefactors palm off on you the "false" server is possible. You are connected to it, enter the password then the false server simulates failure in a network, having remembered your combination of a name and the password. Further it can be used for access reception to the present server. For the permission of the given problem servers аутентификации serve. At an establishment of the protected connection the third party which confirms authenticity and the client and a server is used. On the Internet there are the firms rendering similar services for money. Thereupon it is necessary to mention following products: secure shell the firms, allowing to work in the command interpreter with traffic encoding, the report ssl (secure socket layer) firms netscape communications corporation, using system of certificates аутентификации and enciphering on algorithm rsa (rsa data security, inc.) at work through a web-browser, and also system аутентификации kerberos and others.

Misinformation

Misinformation is a first barrier on a way attacking. For realisation of successful attack it is necessary to know about attacked system much. Even harmless at first sight the information (for example, about the version of your operating system or WEB - a server) can be important at attack. Therefore the first step at construction of system of protection is a concealment or distortion of a maximum of the information.

To begin with it is necessary to replace all standard invitations and headings. Then it is necessary to get two DNS-servers - one for an external world, and another for internal use. On a DNS-server intended for an external world, it is necessary to exclude records about all cars except for absolutely necessary minimum. Here, the truth, can arise a problem. Some WEB - and FTP-servers demand presence of the registered name at connection to it. PROXY-server application is In that case quite justified. Well and, at last, it is not necessary to give out the full information on system when you are called by the trading agent and under the pretext of sale of a new server or a router tries вызнать at you a detail of adjustment of your network. Same concerns also every possible registration forms on WEB-servers and other places. It is necessary to warn also all employees that any information on a local network of the organisation is the classified information.

Traffic enciphering

At the organisation of the intranet the traffic which earlier was not falling outside the limits a local network, is passed through many kilometres of networks of the general using. Thus very many people can see it. Especially it concerns traffic transfers through the Internet, but threat remains and by its transfer through the allocated digital channel. To prevention of interception of the information at this stage apply enciphering. Now good algorithms of enciphering are developed many. All can be divided them on two essentially different groups - with a symmetric (confidential) key and with asymmetrical (opened). The difference between them consists in the following: at use of a symmetric key and the sender and the addressee of the message should have the same confidential key with which help the message is ciphered and deciphered. The main problem at this method - transfer of a confidential key. The confidential key should be transferred on the confidential channel. If two subscribers have no the confidential channel among themselves and not in a condition to meet personally the given scheme is unacceptable. At enciphering with an open key the pair of keys - opened and confidential is created. The message ciphered by means of an open key, cannot be deciphered without knowledge of a confidential key and on the contrary. This property gives the chance to do without the confidential channel. If I want, that someone has sent me the ciphered message, I generate pair of keys and I publish an open key in the widest image. Any who can receive my open key, can send me the ciphered message which I can decipher only a pair confidential key. On it advantages of the given method come to an end and begin lacks: enciphering with asymmetrical keys demands more than computing resources, for maintenance similar криптостойкости longer key should be used. And in general the given method is based on not proved theorem of impossibility in the analytical way to spread out any number on simple multipliers. For these reasons the given method of enciphering usually apply in a combination with traditional enciphering with a symmetric key.

It would be desirable to warn against use of unchecked and self-made systems of enciphering. There is an opinion, if system known it is known and as it to break - is better I will write own algorithm, though also unpretentious, but to nobody known. It in a root the incorrect approach. The cryptography is much more difficult and more extensive, than it seems at first sight, and криптоаналитика is much more powerful.

Conducting "personal magazines"

Generally because of defects in applied systems, for the sake of increase of convenience of work or for simplification of administration a little superfluous rights are given to the user. For example, if at work of some program it is necessary to write down the data in files the rights for record in the whole catalogue are usually given. In this case the user can break system work, without exceeding the rights delegated to it.

Conducting reports of work of separate users can help with similar cases. It allows to track if necessary actions of the user, precisely to define that took place - an error or attack when also what actions have been made. Often such reports help to restore integrity of system. Lacks of conducting such reports, alas, are obvious: great volume of reports leads to that nobody analyzes them, besides, they simply take a lot of place on disks or other stores.

Fireproof walls

During the last years fireproof walls (FIREWALLS) or "gateway screens" (their this official name) have got the status of absolutely necessary means at connection to the Internet. Even if you are connected from the house computer, there is a sense to think of a fireproof wall and if you connect a local network to the Internet the fireproof wall becomes simply necessary.

Fireproof walls can be classified on level in standard network model on which it works.

The first level - a filtration of passing packages at level IP. At this level it is possible to carry out the protection based on IP-addresses. For example, not to pass packages from the Internet, directed on those servers access to which should not be carried out from the outside. Also at this level such artful kind of attack, as IP - SPOOFING, that is the reference to your car with a false return address of a package (for example, belonging to any car in your local network) can be stopped. In this case the filtration is carried out by that principle that from the channel on which you are connected to the Internet, the package with the IP-address from your local network cannot come.

The following level - TCP-connection. Here the filtration is possible, except addresses, also under numbers of ports TCP and the flags containing in packages. (For example, inquiry about a connection establishment.) as at the given level reports UDP and ICMP are filtered.

Further the analysis of applied reports, such as FTP, HTTP, SMTP and other follows. At the given level the control over contents of data flows can be carried out. In particular, it is possible to forbid for users of your local network to receive executed modules or other types of files from the Internet.

And at last, there are the means including together with all mentioned levels of a filtration expert system which, analyzing the traffic, diagnoses the events, able to pose threat of safety of your network, and informs on it the manager. Also it can independently change filtration rules, - for example, to toughen them in case of danger.

The extensive market in this area was currently generated. On it means in the widest range of the prices are presented. Freely extended UNIX-systems, such as FREEBSD (http://www.freebsd.org/) and linux, include tools for a filtration at levels ip, tcp, udp and icmp. From paid systems it is necessary to mention firewall-1 (check point software), firewall plus, border manager (novell http://www.novell.com/), black hole. Also safety means are present at operating systems of hardware routers, for example ios v.11.x firms cisco systems (http://www.cisco.com/).

At fireproof wall installation it is possible to adhere to various concepts. In the most protected variant all connections as from the Internet on cars of a local network, and from local cars outside are forbidden. For work with FTP - and WEB-servers the PROXY-server which can at the same time and analyze the user traffic is established. In the facilitated variant all reports, work through FTP are closed and HTTP it is authorised. It delivers less inconveniences, but leads to that it is necessary to open a wide range of ports TCP for entering connections as it is demanded by report FTP. Well and, at last, such variant of work when everything is opened is possible, only separate places are covered, for example, TELNET on an UNIX-server or 139th port through which division of resources in WINDOWS works.

Routine

Routine work is not less important at all, than competently constructed system. Not each attack is shown at once. There can Be such attack which consequences will be shown in some weeks or months. In this connection it is necessary to plan in advance expenses of time for the analysis of reports, the control of performance of regulations and to that similar actions.

In a case when at system work great volume of various reports is generated, some automation of their analysis is simply necessary. In primitive variants there is enough calculation of statistics and convenient display of the received results. Even such modest measures will allow to reveal unusual behaviour of the user (access to time unusual to it, sharp change of volumes of the received information, etc.).

The analysis of integrity of the information is necessary for prevention of damage of the information: integrity testing архивированных files, calculation and verification of the control sums for files.

Only careful execution of routine procedures can give some grounds to consider system safe.

Difficulties

Many quite obvious measures can give absolutely paradoxical effect if not to consider that the ordered measures are carried out by live people.

For example, on channels IRC it is possible to meet complaints to, whether that "the administrator is going to close access to IRC" and in this connection "it is impossible this interdiction somehow to bypass". On a course of "conversation" such user is ready to tell everything about the network that knows, and to take advantage of almost any council which to it will give, up to start of transferred program any there and then which can quite appear "Trojan".

The psychology of users is necessary for considering almost constantly. So, an axiomatic rule not to use "standard" passwords comes to the contradiction with a rule "never to write down passwords". The rare user is capable to remember at once even the said eight-symbolical password. Therefore a frequent picture is or application of passwords of type "QQQQQ", "PRIVET", etc. In a case when similar passwords are eliminated automatically, about workplaces it is easy to meet a piece of paper on which generated duly, "absolutely confidential" password generated duly is written down.

Depending on a concrete situation various decisions can be made: a rigid regulation of works, additional restrictions on a place (on what computer) and an operating time, toughening of access to premises, access to system, use of hardware devices of identification (for example, DALLAS LOCK) etc. whence is possible.

Described in the literature взломы systems with use so-called "social engineering", that is with use of psychological, nontechnical methods, show extraordinary efficiency of such ways, as temporary employment for work, use of personal contacts to workers of the enterprise etc. The problem of prevention of use of such methods concerns security service conducting more likely, but nevertheless some measures should be accepted by the system administrator.

First, it is not necessary to disclose and furthermore in details to explain the system device, ways of its protection against unapproved access.

Secondly, it is necessary to try to combine a rigid regulation of work of the personnel (use of passwords, observance of privacy and differentiation of powers) with possible wider cooperation. That is it is not necessary "from a principle" to block services interesting to people. Generally it is necessary to make more likely use of some tool safe, by application PROXY or the traffic analysis, rather than absolutely to forbid service use. The abundance of interdictions leads to that people search (and often find!) the roundabout ways, nevertheless allowing to do that would be desirable, but already bypassing the system administrator. Especially unpleasantly that in the course of search of such ways various "acquaintances" who receive the confidential information on system are involved.

The following problem is an observance of the established regulations by a management and the manager of system. Frequently after introduction sufficient (according to the manager) security measures there comes some euphoria. A consequence of it is that the established regulations are executed not completely or is not executed at all, reports are not analyzed, is not made sufficient testing.

The resume

Hardly this article can cause revolutionary changes in minds of readers. Eventually, on safety problems the huge number of articles, notes (for example, on a server http://www.hackzone.ru/), etc. is written. Is more or less detailed and informative books and managements. So information, in general, it is quite enough. As the resume it is possible to result some good wishes:

• сбалансированно approach to protection and reliability problems;
• Do not try to follow a fashion and do not jump aside here and there;
• Consider in work psychology of users;
• Avoid for a long time known problems which there were already many managers;
• If you feel that a problem to you not on a shoulder, recognise it and address to experts.