Information security problems of modern computer companies networks. The levels of network security of the company. Methods of protection organization's computer network from unauthorized access from the Internet. Information Security in the Internet.
Краткое сожержание материала:

Размещено на

Ministry of Education and Science of the Russian Federation

State Educational Institution of Higher Professional Education

National Research Tomsk Polytechnic University

Institute of Cybernetics

Department: Control System Optimization

Specialization: Applied informatics in economics

THE ANALYSIS OF INFORMATION SECURITY PROBLEMS IN THE COMPUTER NETWORK, WHICH IS CONNECTED TO THE INTERNET

Group: 8592

Student: L.S.Kovina (______)

Supervised by: R.V.Deniko (______)

Tomsk - 2013



Content

Introduction

1. Information security problems of modern computer companies networks

2. The levels of network security of the company

3. Information Security in the Internet - Services

4. Methods of protection organization's computer network from unauthorized access from the Internet. The use of firewalls

Conclusion

References



Introduction

Computers, networks, Internet are essential part of our everyday life. Our world day after day becomes more and more dependent from information technology. Today each company network has access to Internet, this creates big security problems, because for computer hacking does not requires physical access.

Computer Security Institute gets such data in result of last research: security systems of 70% companies were hacked.60% of these attempts have been engineered from outside via the Internet.

Considering these facts, we can say, that security network problems of most companies are not decided, so these companies have large financial losses. One of solution to security problems decide is the use firewalls.

1. 

1. Information security problems of modern computer companies networks

The relevance and importance information security problems are explained by next factors:

· Development pace of network security technologies are lag far behind the information technologies advance generally.

· The sharp increase of the PC users worldwide

· High computer literacy of the general population

· A significant increase in the volume of information , which are stored and processed by computers and other automation equipment;

According to experts, at the present time about 70-90% information and documents of the companies are stored in digital format - text files, spreadsheets, databases.

· Numerous vulnerabilities in software and network platforms;

Because of competition, modern software products are gone on sale with errors and flaws. Developers include in product a large number of functions, but they have no time for debugging and testing created systems. Errors and omissions remaining in these systems lead to accidental and intentional breaches of information security.

· The rapid development of the Internet contributes to security breaches of information processing systems throughout the world.

Such globalization allows hackers to carry out an attack on the corporate network from anywhere in the world where there is Internet, not having physical access.

The hacking attack may have the following objectives:

* Breach of confidentiality of information.

Information, which are stored and processed in a computer network of company, may have great importance to its owner. Its use by others causes significant damage to the interests of the owner;

* Breach of the information integrity, discreditation and misinformation.

Because of information integrity loss, valuable information may be lost, spoiled, deleted or changed in result of unauthorized access. The damage from such actions can be a lot more than a breach of confidentiality;

* Breach of network performance (partial or complete).

Decommission incorrect modification of network nodes, their substitution may lead to incorrect results, the network failure. Keeping in mind that all important documents - reports, purchase orders, financial coordination - are processed in network, the damage can be significant.

Therefore, ensuring security of computer systems and networks is one of the leading areas of information technology.

jnternet security company networks



2. The levels of network security of the company

Corporate information system (network) - the information system, which has limited number of users, defined by the owner or the agreement of the participants of this information system ( from the law on electronic digital signature).

Corporate network is a distributed computer systems, automated processing of information. The information security problem is central to such computer systems.

Ensuring the company network safety involves protection against unauthorized intrusion into the functioning process of network, as well as attempts to modify, disabling or destruction of its components. Other words, that is, the protection of all components of network - hardware, software, data and personnel.

Consider, how at the present time are deciding information security problems in the enterprise communications. Research firm Gartner Group identifies four levels of maturity in terms of information security (IS):

Level 0:

· No one in the company controls information security questions, the company is not aware of the importance of information security problems ;

· Funding is not available ;

· IS is implemented by regular means of operating systems, databases and applications (password protection, antivirus programs, concurrent access to resources and services).

· All technical issues are the responsibility of the network administrator, which is often a student. Here the important thing is that everything worked.

Level 1:

· IS is considered by management as a purely "technical" problem, there is no single program (concept, politics) of information security management system of the company;

· Funding is part of the overall IT - financing;

· IS is implemented by means of the zero-level backup, anti-virus tools, firewalls, VPN (traditional remedies).

Level 2:

· IB is regarded as a set of organizational and technical measures;

· there is awareness of the importance of information security for the production processes;

· is approved by the development of information security system;

· Funding is under a separate budget;

· IS is implemented by means of strong authentication , mail messages and web content analyzing , intrusion detection , security analysis tools, public key infrastructure;

· Arrangements - internal and external audits, risk analysis, information security policy, regulations, procedures, regulations and guidance.



3. Information Security in the Internet - Services

3.1 World Wide Web

Security problems HTTP- clients are connected to their extensibility. Since the web- servers provide data in many formats (text, HTML, gif-image and jpeg-image files, audio files, etc.) for playback of various formats browsers call external applications.

For example, to view the file format of Microsoft Word, the browser will cause Microsoft Word. Typically, browsers warn the user of calling an external program and this fact need to be confirmed, and, as a rule, people do not pay attention to these warnings. While many data formats may include executable code, such as macros in Microsoft Word and Microsoft Excel, a simple view with a kind of harmless materials may lead to the execution of threat code on a user's machine.

It should also take into account the existence of "active ingredient» (active content), such as Java- applets, Javascript, ActiveX, etc., which also contain code that runs on the user's behalf.

Simple solution to the safety problems associated with the active components and other executable code, which is downloaded from WWW does not exist. Methods of dealing with the problems include user training and explaining to them the security issues associated with downloadable executable code of the network, disable the client software; you can upload performance of the active components, the timely update client software to fix bugs or errors in it.

3.2 E-mail

E-mail has widespread and heavily used by the service. In itself, it is a relatively small risk, but nevertheless, we should be careful.

The main problems associated with e-mail:

· Fake e-mails.

Protocol SMTP, used for sending e-mail to the Internet does not provide the means of authentication of the sender. Address of t...