Requirements for Information Protection
-
.., .., 2003-2008
-
. . : . ., 1992. . . : . ., 1992.
-
15408-02 .., 2002. . . ..: , 2002. / 17799-2005. .
-
( ); , ; , , , , ; , ; , ;
-
, , ; , , , ; , ; ;
-
, , , , (), ..; . . , .
-
: ( )
-
()
-
:
-
() BIOS
-
BIOS (, CD-ROM, USB-)
-
Security (Password) : MBR Bios Setup (Supervisor)
-
Advanced CMOS Features
-
- () - - -
-
( .. )
-
Min 8-10 QWERTY IVAN, PAROL, gfhjkm Aa1; + Alt+. Rz23Sa5v,
-
()100
-
(-)Touch-memory (Dallas iButton) (e-token USB-, PCMCIA - )-
-
, Windows 2000, XP MCBC 3.0 Windows XP
-
3.0 , 2 , ,
-
() :
-
( () ) 1. 2. 3. -- 4. ,
-
1 2 3
User 1: R, RW
User 2: R, RW
User 3: RW, RW, RW
-
- ( )
-
,
-
-
-
Intel: Windows NT/2000, Novell NetWare, Linux, Trusted Xenix, Trusted Oracle
Secret Net (Windows NT/2000), Dallas Lock (Windows NT/2000), - (Windows NT/2000, Novell NetWare)
-
- ()
-
-
-
- , , , , .
-
: ( )
-
() :
-
BIOS
-
Security (Password) : MBR Bios Setup (Supervisor)
-
Advanced CMOS Features
-
Wavetrend (Link-IT)
- ( )
Secret Net 2000 ( )
-PCI ( )
NT 2.0 ( )
-
, ,
-
() ( .. )
-
! .
-
Min 8-10 QWERTY IVAN, PAROL, gfhjkm Aa1; + Alt+. Rz23Sa5v,
-
( )
-
( , , ) : (SmartPen) ,
-
()100
-
- - -
-
?
-
(-)Touch-memory (Dallas iButton) (e-token USB-, PCCard , PCMCIA - )-
-
:
-
BIOS MBR BR
-
- BIOS MBR BR
-
NT BIOS MBR BR
-
, ,
-
, ,
-
: .
-
()
-
(
Main BIOS
BIOS
-
, ,
-
, ,
-
, ,
-
.
-
:
-
Secret Disk Standart (Aladdin Software Security R.D.)
StrongDisk Pro, Windows 95/98/NT/2000 ( "-")
PGP, BestCrypt,
-
-
-
() -
-
( ) .
-
, -
-
-
-
: (swap file - win386.swp) (free space) (file slacks)
-
(wipe) -
-
Dallas Lock /, /
-
ViPNet, , +
-
ViPNet,
-
-
-
/ , / ( BIOS) , ( - ) 300 1540 $
-
Virtual Private Network (VPN) , , ,
-
VPN
-
, VPN (, , )
-
VPN
-
VPN IP- IP- , IP- (IP- )IP- IP-
-
(IP, IPX, NetBEUI); PPTP (Point-to-Point Tunneling Protocol), MS; L2F (Layer-2 Forwarding), Cisco Systems; L2TP (Layer-2 Tunneling Protocol)
-
PPTPPPTP L2TP Point-to-Point Protocol (PPP) PPP - , - PPP, PPTP L2TP
-
PPTP
PPTP: PPP, Generic Routing Encapsulation (GRE); GRE: IPX, AppleTalk, DECnet, IP
IP | GRE | PPP | IP | TCP / UDP; TCP 1723, PPP
-
TCP, 110: Source IP 195.12.90.175, Dest IP 194.226.237.16, Source Port 1134, Dest Port 110
-
POP3
-
DNS-, 53
-
HTTP-, 80
-
PPTP: Extensible Authentication Protocol (EAP), Microsoft Challenge Handshake Authentication Protocol (MSCHAP) versions 1 and 2, Challenge Handshake Authentication Protocol (CHAP), Shiva Password Authentication Protocol (SPAP), Password Authentication Protocol (PAP); MSCHAP 2 -
-
Microsoft PPTP : : /: MS-CHAP (/)
-
MSCHAP . . - Lan Manager, 21- . , 24- . . - Windows NT. - , - . , .
-
PPTP: DES; RSA Data Security, "Microsoft" (Microsoft Point-to-Point Encryption - MPPE), RC4, 40-bit and 128-bit
-
RC4, 40-bit: 64- - Lan Manager ( ) SHA, 24 bits 0xD1269E. 128-bit: Windows NT 64- , MS-CHAP. , , . 128-bit SHA.
-
SKIP (Simple Key Management for Internet Protocol), Sun Microsystems, 1994
-
-
-
- , , . :
$K_o = g^{K_c} \bmod n$, $g$, $n$ - .
-
SKIP: I, J, $K_{ij}$.
$K_{ij} = (K_{oj})^{K_{ci}} \bmod n = (g^{K_{cj}})^{K_{ci}} \bmod n = g^{K_{ci} K_{cj}} \bmod n$
$K_{ij}$ I J :
$K_{ij} = (K_{oj})^{K_{ci}} \bmod n = (K_{oi})^{K_{cj}} \bmod n = K_{ji}$
-
SKIP
-
, , ; , .
-
(n), Kijn: Kp - (MD5) Kij, n. n , 00:00 01.01.95; n 1 ,
-
SKIP counter
-
, AH ESP. IP - IP; SKIP - SKIP; AH - ; ESP - ; Inner protocol - .
-
Kc Kij ( ) Kp .
-
man-in-the-middle , i j. - i "" Koj, j -, Koi. , , , .
-
( ). (Certificate Authority ) , , . () ()
-
, , . , , , , .. , (ITU Rec. X.509)
-
X.509 X.509 ITU-T - () ; ; ; () ; , (basicConstraints, nameConstraints); ( ).
-
X.509
Version: 1, 2, 3
Certificate Serial Number: 40:00:00:00:00:00:00:ab:38:1e:8b:e9:00:31:0c:60
Signature Algorithm Identifier: 34.10-94
Issuer X.500 Name: C=RU, ST=Moscow, O=PKI, CN=Certification Authority
Validity Period: from 2 06:59:00 1999 GMT to 6 06:59:00 2004 GMT
Subject X.500 Name: C=RU, ST=Moscow, O=PKI, CN=Sidorov
Subject Public Key Info: 1024, AF:ED:80:43.....
Issuer Unique ID (version 2)
Subject Unique ID (version 2)
CA Signature
-
X.509
-
X.509
-
PKI (public key infrastructure) ()PKI ,
: ,
-
,
-
, , , ,
-
, SKIP , . .
-
, SKIP (replay) SKIP- , , ./ , .
-
, SKIP .Man-in-the-middle . .
-
, SKIP : ( 256 ); 5-10 IP ; .
-
, SKIP DoS , IP. .
-
" " , , . (, Web-) VPN- ,
-
IPSec ( IKE - Internet Key Exchange) ( AH - Authentication Header) (ESP - Encapsulating Security Payload)
-
IPSec
-
(AH) , MD5: AH - .
-
ESP ESP
-
IKE IKE
-
IKE- -
-
, 60%
-
VPN: Intranet VPN; Remote Access VPN; Client/Server VPN; Extranet VPN
-
VPN ();VPN ;VPN ();VPN
-
VPN Windows NT/2000/XP ( TP IPSec) -
-
VPN Cisco Systems - DES
-
VPN CheckPoint Software Technologies CheckPoint Firewall-1 /VPN-1 IPSec, DES, CAST, IDEA, FWZ -IP , DataGuard -, VPN SKIP
-
VPN VPN -
-
VPN " IP-" () - (), SKIP
-
VPN "" 2.5 SKIP1
-
VPN ViPNet
ViPNet protocol stack (figure): Application Layer: FTP, SMTP, IP Telephony; Secure Sockets Layer (SSL); Transport Layer: TCP, UDP; ViPNet Isolation Layer (IP-LIR driver); Network Layer: IP (Internet Protocol); Physical & Data Link Layers. IP-LIR ViPNet - IP - , , .
-
SSL (Secure Socket Layer), Netscape Communications, 3.0; TLS (Transport Layer Security), 1999, 1.0; HTTP (HTTPS)
-
SSL ( ) -
-
SSL, TCP 443:
Client-Hello: SSL, Challenge_Data
Server-Hello: SSL, Connection_id, ( ) ( )
Client_Master_Key: ,
Server-Verify: Challenge_Data,
Client-Finished: Connection_id,
,
-
S-HTTP Secure HTTP
-
HTTP S-HTTP: ( ):
Secure * Secure-HTTP/1.1
Secure-HTTP/1.1 200
RFC-822