Information security issues
International Congress on Multidisciplinary Studies in Education and Applied Sciences
Yüklə 167,95 Kb. Pdf görüntüsü
|
|
International Congress on Multidisciplinary Studies in Education and Applied Sciences
Berlin, Germany June 3 rd 2022 conferencezone.org 242 password files. Network Analyzers (Sniffers): Through software that listens to network traffic. They have the ability to automatically separate user names, passwords, credit card numbers from traffic. The most common aggression has the following statistics: An analysis of 237 computer attacks conducted by NIST in 1998 was published on the Internet: 29% of attacks occurred in the Windows environment. Lesson: Unix alone is not dangerous. In 20% of the attacks, the attackers reached the network elements (routers, switches, hosts, printers brandmauer) remotely. Lesson: Hosts can be accessed remotely without notice. 5% of attacks were successful against routers and firewalls. Lesson: Internet network infrastructure developers do not have enough resistance to computer attacks. 4% of attacks are organized to find free hosts that can withstand Internet aggression. Lesson: It is good that system administrators themselves regularly scan their hosts. 3% of attacks are organized by websites against their users. Lesson It is not safe to search for information on the WWW. 1999 on the Internet. the most common computer attacks in March. Sendmail (oldest program), ICQ (complex "I'm looking for you" program, used by about 26 million people), Smurf (program that works with ping-packages), Teardrop (error-sensitive program), IMAP (mail program), Back Orifice ( trojan horse, for remote control of Windows 95/98), Netbus (similar to Back Orifice), WinNuke (can completely stop Windows 95) and Nmap (scanning program). With the help of WinNuke, Papa Smurf and Teardrop programs, malicious people can attack and damage your computer. 3. Directions of information security The international standard NIST 7498-2 defines basic security services. Its task is to determine the security aspects of the open system communication model. These are: Authentication. Authentication of a computer or network user; Access control. Check and ensure that the user has access to the computer network; Data integrity. Checking the contents of the database for accidental or unauthorized changes; Confidentiality of information. Protecting Content from Unauthorized Disclosure Inviolability (Neoproverjimost). To prevent the sender from acknowledging that the data set was sent by the sender or received by the recipient. Many additional services (audit, access) and support services (key management, security, network management) serve to complement this basic security system. The complete security system of the web node must cover all of the above security areas. Appropriate security tools (mechanisms) should be included in the software product. Improving authentication involves addressing the shortcomings of reusable passwords, ranging from disposable passwords to high-tech biometric authentication systems. Items that users carry with them, such as special cards, special tokens or floppy disks, are much cheaper and safer. The unique, module code protected application module is also handy for this purpose. Public key infrastructure is also an integral part of Web node security. The distribution system (people, computers), Public Key Infrastructure (certificate publisher), which is used to ensure authentication, data integrity and confidentiality of information, publishes an electronic certificate. It contains the user ID, its public key, some additional information for the security system, and the digital signature of the certificate publisher. Ideally, this system will create a chain of certificates for the user at any two points on Earth. |