
METHODS OF PROTECTION AGAINST UNAUTHORIZED ACCESS
Sayfullaev Sherzod

Tashkent University of Information Technologies named after Muhammad al-Khwarizmi

Tashkent, Uzbekistan, sherzodsay@gmail.com

Shirinov Laziz

Tashkent University of Information Technologies named after Muhammad al-Khwarizmi

Tashkent, Uzbekistan, shirinovlaziz05@gmail.com



Abstract: This article examines possible options for obtaining illegal access and possible ways of using the information obtained. It presents methods of protection against unauthorized access and of protecting data on a PC, and gives ways of preventing network attacks.
Keywords: unauthorized access, data protection, network attacks, security protocols, authentication, identification.

  1. INTRODUCTION

Modern companies have significant amounts of information at their disposal, and in today's realities it is their main resource. Databases need to be securely protected against criminal misuse, which poses a serious threat to the company's operations and existence. It is therefore important to ensure that data is protected from unauthorized access. Such protection is a set of measures aimed at controlling user authority: the company restricts the use of information that employees do not need to perform their direct duties. Actions with both paper documents and information on electronic media must be controlled.

In order to create a reliable information security system, you need to determine the possible ways to obtain data.

  2. METHODS FOR OUTSIDERS TO ACCESS INFORMATION

Unauthorized access to information can be obtained in different ways. Direct theft of documents or hacking of computer operating systems are only a small part of the options. Electronic means of information storage are considered the most vulnerable, since remote management and control methods can be used against them.

Possible options for obtaining illegal access [1-3]:



  • connection to communication systems (telephone lines, intercoms, wired intercoms);

  • theft of documentation, including its copying (duplication) for hostile purposes;

  • direct use of computers, external drives or other devices containing information;

  • introduction into the operating system via the Internet, including the use of spyware, viruses and other malicious software;

  • use of company employees (insiders) as sources of information.

Connecting to an active communication channel makes it possible to obtain information indirectly, without direct access to databases. Fiber-optic lines are considered the most protected from outside intrusion, but they too can be tapped after some preparatory operations. In this case, the attackers' target is the working negotiations of employees, for example when conducting investigative measures or performing financial transactions.

Cybercriminals often use company employees to obtain the information they need. Various methods of persuasion and motivation are used, from bribery to harsher methods (intimidation, blackmail). The risk group includes employees who are in conflict with colleagues or with the company's administration. These workers can have authorized access to information, allowing them to receive certain information without restriction. User authentication is not an effective security measure in this case, since it can only keep outsiders out.

Another internal threat is the theft of media containing valuable information, for example, program code that is developed by the company. This can only be done by trusted persons who have access to confidential data in physical or electronic form.

In parallel with the development of information security tools, new methods of unauthorized access are being developed. It should be understood that the methods of illegally acquiring data that have already been studied are not considered promising. The greatest danger is posed by new and little-studied ways of accessing company resources, against which there are still no effective countermeasures. Therefore, means of protection against unauthorized access should not be considered an unnecessary measure: they are not an attempt to play it safe, but a consequence of correctly understanding the magnitude of the threat.

The main purpose of unauthorized access to information is to generate income from the use of someone else's data.

Possible ways to use the information received [4]:



    • resale to third parties;

    • forgery or destruction (for example, when gaining access to the databases of debtors, persons under investigation, wanted persons, etc.);

    • the use of other people's technologies (industrial espionage);

    • obtaining bank details, financial documentation for illegal transactions (for example, cashing money through someone else's account);

    • altering data in order to harm the company's image (illegal competition).

Confidential information is the equivalent of cash. At the same time, the information may mean nothing to its owner. However, the situation changes constantly: data can suddenly become very important, and it will then require reliable protection.

  3. METHODS OF PROTECTION AGAINST UNAUTHORIZED ACCESS

Methods of protecting computers from unauthorized access are divided into software-and-hardware methods and technical methods. The former cut off unauthorized users; the latter are designed to exclude the physical penetration of unauthorized people into the company's premises.

When creating an information security system (ISS) in an organization, one should take into account how great the value of internal data is in the eyes of attackers.

For proper protection against unauthorized access, it is important to do the following [5]:


  • sort and divide information into classes, determine the levels of access to data for users;

  • evaluate the possibilities of transferring information between users (to establish communication between employees).

As a result of these activities, a certain hierarchy of information appears in the company. This makes it possible to differentiate access to information for employees depending on their type of activity.

Data access audit should be included in the functionality of information security tools. In addition, the programs that the company decides to use must include the following options [6]:



  • authentication and identification when logging into the system;

  • control of access to information for users of different levels;

  • detection and registration of tampering attempts;

  • monitoring the performance of the used information protection systems;

  • ensuring safety during preventive or repair work.
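The information hierarchy and the audit requirement described above can be sketched as follows. This is an added example, not code from the paper; the class names, the three classification levels, the "duties" categories and the threshold of three denials are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):  # constructed classification scheme, lowest to highest
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2

@dataclass(frozen=True)
class User:
    name: str
    clearance: Level
    duties: frozenset  # information categories the job actually requires

@dataclass(frozen=True)
class Record:
    record_id: str
    level: Level
    category: str

@dataclass
class AccessMonitor:
    alert_after: int = 3  # assumed number of denials before a user is flagged
    audit_log: list = field(default_factory=list)
    denials: dict = field(default_factory=dict)

    def check(self, user: User, rec: Record) -> bool:
        """Decide one request and register the decision, allowed or not."""
        reason = None
        if user.clearance < rec.level:
            reason = "clearance below record class"
        elif rec.level > Level.PUBLIC and rec.category not in user.duties:
            reason = "not needed for direct duties"
        allowed = reason is None
        self.audit_log.append((user.name, rec.record_id, allowed, reason))
        if not allowed:
            self.denials[user.name] = self.denials.get(user.name, 0) + 1
        return allowed

    def flagged(self) -> list:  # users with repeated denials, for review
        return sorted(u for u, n in self.denials.items() if n >= self.alert_after)

def access_sample() -> AccessMonitor:  # constructed users and records
    mon = AccessMonitor()
    clerk = User("clerk", Level.INTERNAL, frozenset({"sales"}))
    mon.check(clerk, Record("R-1", Level.INTERNAL, "sales"))        # allowed
    for rec_id in ("R-7", "R-8", "R-9"):                            # three denials
        mon.check(clerk, Record(rec_id, Level.CONFIDENTIAL, "finance"))
    return mon
```

The second rule is what separates this from a plain clearance check: a user with sufficient clearance is still refused records outside their duties, and that refusal is logged with its own reason.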

  1. User identification and authentication

These procedures require technical means that carry out a two-stage determination of the identity and the authenticity of the user's authority. It should be borne in mind that identification does not necessarily require identification. Any other identifier set by the security service may be accepted.

This is followed by authentication: the user enters a password or confirms access to the system using biometric indicators (retina, fingerprint, hand shape, etc.). Authentication with USB tokens or smart cards is also used. This option is weaker, since there is no full guarantee of the safety or authenticity of such elements.
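The two stages, identification by an issued identifier followed by password authentication, are shown below together with registration of failed attempts. This is an added example, not code from the paper; the `LoginService` class, the identifier format, the PBKDF2 work factor and the lockout after three failures are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class LoginService:
    def __init__(self, max_failures: int = 3):
        self.accounts = {}   # identifier -> (salt, derived key); no plaintext stored
        self.failures = {}   # identifier -> consecutive failed attempts
        self.events = []     # registration of every attempt, for later audit
        self.max_failures = max_failures
        self._dummy = (os.urandom(16), bytes(32))  # used for unknown identifiers

    def enroll(self, identifier: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[identifier] = (salt, derive(password, salt))

    def login(self, identifier: str, password: str) -> bool:
        # Stage 1, identification: look up the identifier issued by the
        # security service (it need not be the person's name).
        record = self.accounts.get(identifier)
        if self.failures.get(identifier, 0) >= self.max_failures:
            self.events.append((identifier, "LOCKED"))
            return False
        # Stage 2, authentication: verify the secret. The derivation also runs
        # for unknown identifiers so both failure cases take similar time.
        salt, expected = record or self._dummy
        candidate = derive(password, salt)
        ok = hmac.compare_digest(candidate, expected) and record is not None
        if ok:
            self.failures.pop(identifier, None)
        else:
            self.failures[identifier] = self.failures.get(identifier, 0) + 1
        self.events.append((identifier, "OK" if ok else "FAILED"))
        return ok

def login_sample() -> LoginService:  # constructed identifier and passwords
    svc = LoginService()
    svc.enroll("EMP-1042", "correct horse battery staple")
    svc.login("EMP-1042", "correct horse battery staple")
    for guess in ("123456", "qwerty", "password"):
        svc.login("EMP-1042", guess)
    svc.login("EMP-1042", "correct horse battery staple")  # now locked
    return svc
```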



