Engineering and technical methods of protection against unauthorized access
Building protection systems against the threat of leakage through technical channels
Violation of confidentiality occurs as a result of information leakage. Information leakage protection is an activity aimed at preventing the uncontrolled dissemination of protected information as a result of its disclosure, unauthorized access to information and receipt of protected information by intelligence agencies.
The main reasons for information leakage are:
non-compliance by personnel with standards, requirements, and operating rules;
errors in the design of the system and protection systems;
conducting technical and intelligence intelligence by the opposing side.
The causes of information leakage are quite closely related to the types of information leakage.
In accordance with GOST R 50922-96, three types of information leakage are considered:
disclosure;
unauthorized access to information;
obtaining protected information by intelligence agencies (both domestic and foreign).
An information leakage channel is a combination of an information source, a material carrier or a distribution medium of a signal carrying the specified information and a means of extracting information from a signal or carrier. One of the main properties of the channel is the location of the means of extracting information from the signal or carrier, which can be within or outside the controlled area.
When identifying information leakage channels, it is necessary to consider the entire set of system elements, including the main equipment of information processing equipment, terminal devices, connecting lines, distribution and switching devices, power supply systems, grounding systems, etc.
Along with the main technical means directly related to the processing and transmission of information, it is necessary to take into account auxiliary technical means and systems, such as technical means of open telephone, fax, loudspeaker communication, security and fire alarm systems, electrification, radio, clock, household appliances, etc.
Auxiliary means extending beyond the controlled zone, as well as extraneous wires and cables that are not related to them, but passing through rooms with basic and auxiliary technical means installed in them, metal pipes of heating, water supply systems and other conductive metal structures, are of great interest as leakage channels.
It should be remembered about the internal channels of information leakage related to the actions of the administration and service personnel, with the quality of the organization of the work regime, especially since they are usually not given due attention. Of these, first of all, it is possible to note such leakage channels as theft of media, the use of industrial and technological waste, visual removal of information from a monitor and printer, unauthorized copying, etc
. Information leakage channels according to physical principles can be divided into the following groups:
acoustic (including acousto-transformative).
They are associated with the propagation of sound waves in the air or elastic vibrations in other media;
electromagnetic (including magnetic and electric);
visual-optical (observation, photographing).
In this case, cameras, video cameras, etc., can be considered as a means of extracting information;
tangible (paper, photos, magnetic media, waste, etc.);
informational. They are related to access to system elements, data carriers, the input and output information itself, to software, as well as connection to communication lines.
In practice, the division of leakage channels into technical (these include acoustic, visual-optical and electromagnetic) and information channels is also used.
When assessing the degree of danger of technical leakage channels, it should be borne in mind that the presence of a carrier (acoustic or electromagnetic field) is not always a sufficient factor for removing information. For example, with low speech intelligibility, it is impossible to restore its meaning. Side electromagnetic radiation from electronic equipment may not carry an informative signal (for example, radiation resulting from the generation of clock pulses of computer equipment). For an objective assessment, special equipment studies and special inspections of workrooms are carried out. Such studies and inspections are carried out by organizations licensed for the relevant type of activity. When identifying technical channels of information leakage, measures are taken to block them.