Download ppt - Требования к защите информации

.., .., 2003-2008

. . : . ., 1992. . . : . ., 1992.

15408-02 .., 2002. . . ..: , 2002. / 17799-2005. .

( ); , ; , , , , ; , ; , ;

, , ; , , , ; , ; ;

, , , , (), ..; . . , .

() BIOS

BIOS (, CD-ROM, USB-)

Security (Password) : MBR Bios Setup (Supervisor)

Advanced CMOS Features

- () - - -

( .. )

Min 8-10 QWERTY IVAN, PAROL, gfhjkm Aa1; + Alt+. Rz23Sa5v,

(-)Touch-memory (Dallas iButton) (e-token USB-, PCMCIA - )-

, Windows 2000, XP MCBC 3.0 Windows XP

3.0 , 2 , ,

( () ) 1. 2. 3. -- 4. ,

1

2

3

User 1

R

RW

User 2

R

RW

User 3

RW

RW

RW

Intel Windows NT/2000OC Novell NetWare Linux Trusted Xenix Trusted Oracle

Secret Net Windows NT/2000 Dallas Lock Windows NT/2000 - Windows NT/2000 OC Novell NetWare

- , , , , .

Security (Password) : MBR Bios Setup (Supervisor)

Advanced CMOS Features

Wavetrend (Link-IT)

- -( )

Wavetrend (Link-IT)- - ( )

Secret Net 2000( )

Wavetrend (Link-IT)- - ( ) Secret Net 2000 ( )

- -PCI

Wavetrend (Link-IT)- - ( ) Secret Net 2000 ( ) - -PCI ( )

NT 2.0 ( )

Wavetrend (Link-IT)- - ( ) Secret Net 2000 ( ) - -PCI ( ) NT 2.0 ( )

() ( .. )

Min 8-10 QWERTY IVAN, PAROL, gfhjkm Aa1; + Alt+. Rz23Sa5v,

( , , ) : (SmartPen) ,

(-)Touch-memory (Dallas iButton) (e-token USB-, PCCard , PCMCIA - )-

BIOS MBR BR

- BIOS MBR BR

NT BIOS MBR BR

()

-

(

Main BIOS

BIOS

Secret Disk Standart (Aladdin Software Security R.D.) StrongDisk Pro Windows 95/98/NT/2000 ( "-")PGP, BestCrypt,

Secret Disk Standart (Aladdin Software Security R.D.)

StrongDisk Pro Windows 95/98/NT/2000 ( "-")

: (swap file - win386.swp) (free space) (file slacks)

(wipe) -

Dallas Lock /, /

ViPNet, , +

ViPNet,

/ , / ( BIOS) , ( - ) 300 1540 $

Virtual Private Network (VPN) , , ,

, VPN (, , )

VPN IP- IP- , IP- (IP- )IP- IP-

(IP, IPX, NetBEUI)PPTP (Point-to-Point Tunneling Protocol)-MSL2F (Layer-2 Forwarding) Cisco SystemsL2TP (Layer-2 Tunneling Protocol)

PPTPPPTP L2TP Point-to-Point Protocol (PPP) PPP - , - PPP, PPTP L2TP

PPTP

PPTP PPP- Generic Routing Encapsulation (GRE ) GRE , IPX, AppleTalk, DECnet, IP-

IP GRE PPP IP TCPUDPIP TCP 1723 , PPP

TCP-, 110Source IP195.12.90.175Dest IP194.226.237.16Source Port1134Dest Port110

DNS-, 53

HTTP-, 80

PPTP Extensible Authentication Protocol (EAP),Microsoft Challenge Handshake Authentication Protocol (MSCHAP) 1 2, Challenge Handshake Authentication Protocol (CHAP), Shiva Password Authentication Protocol (SPAP) Password Authentication Protocol (PAP) - MSCHAP 2 -

Microsoft PPTP : : /: MS-CHAP (/)

MSCHAP . . - Lan Manager, 21- . , 24- . . - Windows NT. - , - . , .

PPTP DES RSA Data Security, " Microsoft" (Microsoft Point-to-Point Encryption - MPPE). , RC4 40- 128-

RC440- 64- - Lan Manager ( ) SHA. 24 0xD1269E128- Windows NT 64- , MS-CHAP. , , . 128- SHA.

SKIP (Simple Key management for Internet Protocol IP-) Sun Microsystems, 1994

- , , . :

Ko = gKc mod n, g n - .

SKIP I, J, Kij.Kij = (Koj)Kci mod n = (gKcj)Kci mod n = gKci*Kcj mod n Kij I J . :Kij = (Koj)Kci mod n = (Koi)Kcj mod n = Kji

, , ; , .

(n), Kijn Kp - (MD5) Kij n.n , 00 00 01.01.95 n 1 ,

SKIP counter

, AH ESP, .IP - IPSKIP - SKIPAH - ESP - , Inner protocol - .

Kc Kij ( ) Kp .

man-in-the-middle , i j. - i "" Koj, j -, Koi. , , , .

( ). (Certificate Authority ) , , . () ()

, , . , , , , .. , (ITU Rec. X.509)

X.509 X.509 ITU-T - () ; ; ; () ; , (basicConstraints, nameConstraints); ( ).

X.509

Version 1, 2, 3Certificate Serial Number 40:00:00:00:00:00:00:ab:38:1e:8b:e9:00:31:0c:60Signature Algorithm Identifier 34.10-94Issuer X.500 Name C=RU, ST=Moscow,O=PKI, CN=Certification AuthorityValidity Period : 2 06:59:00 1999 GMT : 6 06:59:00 2004 GMTSubject X.500 Name C=RU, ST=Moscow, O=PKI, CN=SidorovSubject Public Key Info : : 1024 : AF:ED:80:43.....Issuer Unique ID version 2 Subject Unique ID version 2 CA Signature

PKI (public key infrastructure) ()PKI ,

: ,

, , , ,

, SKIP , . .

, SKIP (replay) SKIP- , , ./ , .

, SKIP .Man-in-the-middle . .

, SKIP : ( 256 ); 5-10 IP ; .

, SKIP DoS , IP. .

" " , , . (, Web-) VPN- ,

IPSec ( IKE - Internet Key Exchange) ( AH - Authentication Header) (ESP - Encapsulating Security Payload)

(AH) , MD5: AH - .

ESP ESP

IKE IKE

IKE- -

VPN Intranet VPN Remote Access VPN Client/Server VPN Extranet VPN

VPN Intranet VPN , Remote Access VPN Client/Server VPN Extranet VPN

VPN Intranet VPN Remote Access VPN , IP- Client/Server VPN Extranet VPN

VPN Intranet VPN Remote Access VPN Client/Server VPN ( ) , Extranet VPN

VPN Intranet VPN Remote Access VPN Client/Server VPN Extranet VPN , " ", ,

VPN ();VPN ;VPN ();VPN

VPN Windows NT/2000/XP ( TP IPSec) -

VPN Cisco Systems - DES

VPN CheckPoint Software Technologies CheckPoint Firewall-1 /VPN-1 IPSec, DES, CAST, IDEA, FWZ -IP , DataGuard -, VPN SKIP

VPN VPN -

VPN " IP-" () - (), SKIP

VPN "" 2.5 SKIP1

VPN ViPNet

Physical & Data Link LayersFTPIP (Internet Protocol)TCPUDPApplication LayerTransport LayerNetwork LayerSMTPIPTelephony IP-LIR ViPNet - IP - , , .ViPNet Isolation LayerS S LSecure Sockets Layer(IP-LIR driver)

SSL (Secure Socket Layer)Netscape Communications, 3.0 TLS (Transport Layer Secur)1999., 1.0 , HTTP ( HTTPS)

SSL ( ) -

SSL- TCP-, 443

SSL- TCP-, 443 Client-Hello SSLChallenge_Data

SSL- TCP-, 443 Client-Hello Server-Hello SSL Connection_id () ( )

SSL- TCP-, 443 Client-Hello Server-Hello Client_Master_Key ,

SSL- TCP-, 443 Client-Hello Server-Hello Client_Master_Key Server-VerifyChallenge_Data,

SSL- TCP-, 443 Client-Hello Server-Hello Client_Master_Key Server-Verify Client-Finished Connection_id,

SSL- TCP-, 443 Client-Hello Server-Hello Client_Master_Key Server-Verify Client-Finished

,

S-HTTP Secure HTTP

HTTP S-HTTP : ( ): Secure * Secure-HTTP/1.1: Secure-HTTP/1.1 200 RFC-822