Definition and main methods of unauthorized access
According to the definition, unauthorized access is one of the types of information leakage.
Unauthorized access to information (NSD), according to the governing documents of the State Technical Commission, is access to information that violates the established rules for access differentiation.
NSD may be accidental or intentional.
As a result of NSD, a threat to the confidentiality of information is most often realized, but the attacker's goal may also be the implementation of other types of threats (information integrity, disclosure of system parameters).
Both publicly available and hidden methods and means are used for deliberate NSD.
Such methods are:
proactive cooperation (betrayal);
inducement to cooperate (bribery, blackmail);
eavesdropping on negotiations in a variety of ways;
unspoken familiarization with the information that constitutes a secret;
theft, copying, forgery, destruction;
illegal connection to communication channels and data transmission lines;
interception (acoustic or radio interception, including due to side electromagnetic radiation and interference);
visual observation, photographing;
collection and analytical processing of detailed information or industrial waste.
The main methods of NSD in information systems include:
direct access to access objects;
creation of software and hardware tools that access access objects bypassing security measures; modification of security measures that allow for the implementation of NSD;
the introduction of software or technical mechanisms into the technical means of an information system that violate the intended structure and functions of the system and allow for the implementation of NSD.
Knowing the totality of information sources, possible channels of leakage of protected information and the variety of ways of unauthorized access to sources, you can begin to develop protection measures.