- •Classification of threats
- •Types and classification of ciphers
- •4 Distributing of the keys
- •2 Generation of the keys
- •2 Digital signature on the basis of El-Gamal cipher
- •Approaches to systems creation of information protection
- •1 Determination
- •7 Realization of control of integrity and management of protection system
- •3 Secret communication systems
- •1 Feistel Network and spn networks
- •3 General characteristic of des
- •4 Requirements to cryptosystems
- •Diffi-Hellman algorithm
- •2 General description of гост 28147-89 algorithm
- •1 Management a key sequence
- •1 Passing of secret messages by asymmetric cryptosystems
- •3 Storage of the keys
- •4 Electronic-digital signature
- •3 Encipherement in the mode of simple replacements
A threat is an intentional security breach. A threat determines character of actions, resulting in a loss information of one of its properties.
Classification of threats
Threat - one of key concepts in the field of providing of informative safety.
A threat to the object of informative safety is an aggregate of factors and terms, arising up in the process of co-operation of different objects (their elements) and able to render the negative affecting to concrete object of informative safety. Negative influences differentiate on the character of harm inflicted: by a degree of change of properties of safety object and possibility of liquidation of consequences of threat.
There are a few types of classification of threats informative safety of object; threats divide:
- by source (to its location) - on internal (arise up directly on an object and conditioned co-operating between its elements or subjects) and external (arise up because of its co-operating with external objects);
- by a probability of realization - on potential and real;
- by the sizes of the inflicted harm - on general (harm to object of safety on the whole, rendering the substantial negative affecting terms of its activity), local (affect the conditions of existence of separate elements of safety object) and private (harm for separate properties of elements of object or separate directions of its activity);
- by nature origins - on casual (unconnected with the actions of personnel, state and functioning of object of informative safety, such as refuses, failures and errors in process facilities of automation, natural calamities and other extraordinary circumstances) and intentional (conditioned the ill-intentioned actions of people);
- by nature origins - on natural (or they are yet named by the objective - caused failings systems of informative safety of object, for example, by imperfection of the developed normatively-methodical and organizationally-planned documents, by absence of specialists at a protection etc.) and artificial (they are named yet subjective - conditioned activity of personnel of object of safety, for example, by errors in process, low level of preparation in the questions of protection, ill-intentioned actions or intentions of extraneous persons).
It is possible also to take to the natural threats, for example, natural calamities.
It is possible to take to the artificial threats, for example:
- influence of the strong magnetic fields on magnetic carriers of data;
- careless storage and account of carriers, and also their unclear identification (so, error of data input), careless actions of personnel, resulting in the disclosure of confidential information;
- disclosure, loss of access attributes (passwords, admission etc.);
- entrance in the system in the round of facilities of protection.
Examples of intentional threats:
- masking under an user;
- use of official position;
- rapine of carriers of data and its unauthorized copying;
- dissection of ciphers of cryptographic protection;
- introduction of apparatus and programming book-marks or viruses;
- illegal connecting to the communication line;
- intercept of data.
Intentional threats, in same queue, are divided by 2 kinds:
- passive penetration;
- active penetration.