A review of publications by Russian and foreign researchers on the issues of modeling the process of assessing the degree of security of individual components of an informatization object (automated system) is presented. The main factors influencing the level of security are analyzed. The types of objects of unauthorized influence are given. The choice of the “information carrier” as the main generalized object and the list of actual threats to it are substantiated, their brief analysis is given. As the output (dependent) variable of the developed regression model, the level of information carrier security is determined. The input (independent) variables are the degree of danger of threats: illegal access to protected information; unauthorized copying of protected information; overcoming physical protection; loss of carriers of information. The developed model has the form of a regression equation and can be used to predict the level of security of information carriers.
Keywords: information security, informatization object, automated system, information carriers, information security threats, security level, regression model, expert information, adequacy criteria
The forecast of fine dust pollution, the organization of monitoring and quality control of the air environment are relevant for cities with a developed transport infrastructure. The article checks the application of the distribution law for the concentration of fine dust PM2.5 and PM10 for highways of urban, district and local significance, the sample size was 50 values.
Keywords: linear city, distribution law, fine dust, roads, mixed gaussian distribution
The article discusses the concept of phishing and its varieties. An analysis of phishing attacks for 2021 was carried out, which revealed an increase in their number, which indicates the relevance of the proposed measures to counter this type of threats, a browser extension was developed to ensure protection against mass and directed phishing attacks.
Keywords: phishing, attack, social engineering, Phishing-as-a-Service, information security
The article deals with the problem of studying the functioning of the document management system under unauthorized influences, the relevance and practical significance of which is due to the peculiarity of the requirements for ensuring the protection of confidential information, and the significance of damage in case of disruption of the uninterrupted flow of documents circulating in the system. To model the processes of functioning of the electronic document management system, an approach based on the use of the apparatus of Petri-Markov networks is proposed, which allows taking into account the statistical nature of the processes of receipt of documents for processing and manifestations of impacts from intentional threats to information security. Within the framework of the proposed approach, a model of the functioning of the electronic document management system under the influence of ARP-spoofing attacks, which are a common type of threats to information systems in the public administration sphere, has been developed. At the same time, the options for the impact of threats in the absence of technical means of information protection and their application are considered. The constructed model can be used when conducting computational experiments to determine the most effective means of information protection of electronic document management systems.
Keywords: electronic document management system, unauthorized impact, simulation modeling, Petri-Markov networks
IoT technologies have become an integral part of business and social life. This technology can be seen in almost every major city in Russia. Many leading countries are at relatively high levels of mass adoption of IoT technology. Many areas of the country's activities directly depend on the Internet of Things: “smart home”, “smart city”, digital agriculture, industrial automation, etc. It should be borne in mind that the diversified use of technologies entails a special interest of attackers and an increase in security threats. In this regard, specialists have a question of ensuring security. This article discusses the characteristics of IoT devices, the main security threats to narrowband IoT, and recommendations for countermeasures.
Keywords: IoT, NB-IoT, security, security threats, Cybercrime, Computer security
Cryptography is the science of privacy methods. Encryption is a special case of encryption. The article discusses the issues of encryption, the use of two different methods of encrypting text phrases: the Caesar cipher and the Vigener cipher, the definitions of the alphabet and the key are given. An example of using these ciphers on two phrases of the Cyrillic and Latin alphabet is given. A program has been designed in the Java language that allows encryption and decryption. The description of the program is given. The program form includes two radio buttons for selecting the algorithm and two buttons for encryption and decryption.
Keywords: cryptography, encryption, decryption, vigener cipher, caesar cipher, java
The article considers the content of dust particles in the filter of the split system of a residential building and in the air of an air-conditioned room, the material is taken, as well as its analysis for the content of fine dust.
Keywords: fine dust, residential air conditioning system, bacteria, integral distribution functions, "dissection"method
This article proposes the development of a method for transmitting secure messages using a combination of best practices for organizing data exchange and cryptographic instant messaging protocols using end-to-end encryption. It considers ways of organizing an application using a peer-to-peer network and client-server architecture. It analyzes popular instant messaging protocols using end-to-end encryption. The software components of the application based on the developed method are described.
Keywords: messenger, end-to-end encryption, cryptographic protocol, instant messaging, peer-to-peer network, client-server
The article examines the concept and scope of edutainment technology. A variant of the application of this technology in teaching students information security issues is proposed. Examples of the implementation of edutainment technology in a number of games covering cybercrime and information security are given.
Keywords: edutainment-technology, edutainment, information security, teaching, data protection, game
As a result of the work, an algorithm was developed and a software tool was implemented that allows ensuring the confidentiality of information in the interaction between access subjects. The study of the dependence of the selected parameters of the elliptic curve on the processing time and transmission of the encrypted message has been carried out. Studies have shown that with an increase in the values of the parameters of the elliptic curve, the time for processing confidential information increases due to insufficient system resources.
Keywords: confidential information, information leakage, asymmetric encryption, information reliability, system resources, communication channel
This article describes automation of getting security-sensitive data required for database connectivity in Kubernetes environment.
Keywords: Kubernetes, Vault, Helm, automation, security, database, Deployment, Job
The presented article describes the modeling of a communication system (hereinafter SS) organized by a plurality of communication nodes of a public communication network (hereinafter SS SSN) and its elements. The task of modeling is to obtain interrelated initial data on the set of features for each investigated SS of the SSNS at each moment of the model time, taking into account the implemented activation processes and the logic of SS functioning. The process of functioning with the SS as a source of features is studied using a complex analytical and simulation model, since deterministic and random factors are taken into account for its development. The manifestation of signs is a complex process, since the SS is constantly in dynamics. However, the increasing intensity of the increase in the use of communication means and the load in communication channels leads to an increase in the number of manifested set of signs. The reasons for the manifestation of many signs are such factors as: dynamics of movement of the USS of the SSOP; modes of operation of SSOP elements, etc. All of these factors are used in the model as activating the manifestation of many features.
Keywords: communication system, public communication network, communication node, sign of a system element, information direction, activating factor
At present, the number of means for collecting information about the characteristics of elements of a public communication system is increasing. Databases.
Keywords: database, monitoring systems, information, resolution, processing of information arrays, similarity rate, process automation, public communication system, communication system elements
Solid particles (PM) contaminate the filter surfaces and enter the pores, as well as settle on the surfaces of catalysts and deactivate them. Therefore, this article discusses the filter system and the cleaning system. The paper describes the requirements for what they should contain and provide, what properties and parameters the filter material should have, as well as catalytic converters that contribute to an increased level of cleaning. It is also shown that the system that filters exhaust gases must be resistant to vibrations of up to 150 Hz at an acceleration of up to 4 g. The filter system and cleaning system must be equipped with devices that ensure the regeneration of catalysts at the site of dismantling. The purification system must ensure that the emissions of the following harmful substances are reduced.
Keywords: solid particle, filter system, purification system, catalytic Converter, oxide, external environment, diesel engine
The article presents a method for quantifying the survivability of information technology objects, in relation to the means of software and hardware impact, including those based on assessing the ratio of direct and indirect risks, the ratio of the probability of catastrophic failures for a damaged and intact system. The necessity of increasing the survivability of information technology facilities to ensure security in the global cyberspace is grounded. It is also necessary to note that to ensure the required level of integrated survivability of an information technology object, it is necessary to protect them from software and hardware impacts in the global cyberspace. Information-technical objects with high cyber-defiance are gradually destroyed, while maintaining limited performance (combat capability with respect to military systems). This allows you to take protective measures, thereby reducing the effects of exposure mainly to primary damage from damage to the elements of an information technology object. Information and technical objects with low survivability are destroyed sharply and catastrophically, which is accompanied by significant secondary and cascade destruction, which are disproportionate (disproportionate) initiating software and hardware effects.
Keywords: survivability, information technology objects, the infosphere, cyber defensiveness, cybernetic weapons, software and hardware effects, the technosphere
Over the past decades, the Internet has changed our lives and ways of doing our daily activities. The Internet has changed the methods of communication, and for many enterprises and organizations the technology has changed. In today's business environment, if an organization does not have any presence on the Internet, it risks remaining behind its competitors, as the Internet and technology continues to develop and develop us. This paper provides a small review of the literature on Internet security threats. Typical threats are classified and their effects are shown. Methodical recommendations for their minimization are given.
Keywords: computer security, security threats, spoofing, denial of service, DoS, DDoS, cyber security
This review examines what artificial intelligence is, whether it presents any danger to people, what are the ways to “take possession” of that other technology of control of industrial robots. As scientists and leading experts in information technologies and physics speak about this.
Keywords: information technology, security, hacking, robotics, artificial intelligence, threat, vulnerability
The article provides an analysis of the proposed system to protect confidential information of the organization. The rationale for the need for comprehensive protection, as the unidirectionality of the system is not sufficiently effective, leads to early failure and the loss of important confidential information
Keywords: confidential information protection system, protection subsystems, complex confidential information protection systems, probabilistic assessment
Undoubtedly, today mobile phones have become an integral part of people's lives. Having set up access rights to our phone, we are sure about the safety of data, but also we need to know that data from smartphones can be obtained in full by digital forensic investigators. Even deleted data can be restored by the tools of these specialists. Digital forensic experts and investigators have a wide range of multifunctional and narrow-profile tools that allow you to "extract" digital data from almost any device. This article analyzes various types of mobile device memory on the Android platform, from which experts get data, tools and methods for obtaining information from mobile phones.
Keywords: android, digital forensics, database, computer security, Cellebrite, Oxygen
This article discusses the basic concepts in the field of blockchain technology, analyzes various types of blockchains and algorithms for achieving consensus. The advantages and disadvantages of various technologies are considered, their primary areas of application are determined. It is shown how on the basis of the analysis performed, the types of blockchain and the algorithm for reaching consensus are most suitable for the implementation of an electronic document management system The developed software that implements document protection functions using blockchain technology is presented.
Keywords: blockchain, transaction, validator, patent law, secured workflow, blockchain classification, public blockchain, private blockchain, consensus algorithm, model Proof by work, model Proof of shares, model Delegated proof of shares, hybrid model Prof of Work
Computer security is one of the key tasks of our time. Attacks on equipment in the network are constantly and leave large damages in the integrity of the data. There are many methods of computer security, one of which is the method of security through obscurity. The article analyzes the actions of system administrators to ensure server security using the “security through obscurity” method.
Keywords: computer security, security through obscurity, cryptography, decoding, setting up web servers
Voice over Internet Protocol (VoIP) is a widely deployed service since the commencement of voice and data integration. This was done in a bid to reduce cost and management concerns. VoIP uses the same infrastructure as traditional data networks and thus, inherits all the security challenges of a data network. In addition, VoIP exhibit self-inflected problems resulting from network components and the protocol adopted. This paper present the security threats witnessed in VoIP telecommunication. The paper discusses the security threats in tandem with confidentiality, integrity and availability principle. Examples of security issues under consideration include; spamming, identity spoofing, call tempering, DoS, and Man-in-the-middle attacks among others. Finally, the paper will outline the common countermeasures adopted to mitigate the threats.
Keywords: VoIP, VoIP security, voice over IP security, DoS, spamming, identity spoofing, call tempering, Cybercrime, Computer security
When using maskirators for information directions of distributed integrated infocommunication systems of the departmental purpose (ID DI ICS MP), it becomes necessary to make an informed choice of their characteristics. The resource management method of the ID DI ICS MP maskirators refers to ensuring the security of the ID DI ICS MP, and is used to achieve the required nominal power of the ID maskirator, which is achieved by justifying the choice of the number of IDs and the rate of change of IP-addresses when average rate of generation of information packets by the correspondent varies.
Keywords: Information technologies, distributed integrated infocommunication systems, masking of the information directions, threats to functioning, information exchange.
The article describes the possibilities of data backup with the help of cloud services in data management in networks. It also describes how to create backups, how to verify the integrity of files in a backup, and how to ensure the reliability of the copies themselves. The formulation of the problem is formulated as follows: it is necessary to find the best way to store backup data ensuring the best safety of these data at the lowest cost and reduce the complexity of the backup. As optimization criterion in this study was considered work on backup software, data storage reliability, the integrity of the files in the backup, the financial costs for providing backup. Analysis of the results of the study showed that the storage of backups in the cloud compared to traditional methods of backup - more profitable in many aspects. In modern data centers due to the large scale of the level of reliability of data storage is much higher, the cost of disk space does not vary significantly with the cost of purchasing hard disk and automatic backup check allows you to save a lot of time.
Keywords: Backup, backup, cloud technologies
As a result of the implementation of threats to information security, enterprises suffer significant material and reputational losses. The paper suggests a methodologyAs a result of the implementation of threats to information security, enterprises suffer significant material and reputational losses. The paper suggests an approach to conducting a cluster analysis of information security threats, which allows to obtain groups of similar threats and to identify the possibility of reducing the damage from their implementation. The data on the realized threats are analyzed by using different clustering methods for a different number of clusters in order to share the threats in the best possible way. Realized threats are described by the damage that arose from the implementation of the threat and the duration of the elimination of the consequences of the threat. Clustering allows you to identify common characteristics of threats in each group. Analysis of the resulting breakdown of a variety of information security threats into clusters will allow separating threats into groups with the identification of those threats, the implementation of which leads to the most negative consequences and causes the greatest material damage. Thus, security specialists of the enterprise can take measures to protect information, direct efforts to provide protection from threats with the greatest negative consequences. The proposed approach to the clustering of threats to information security made it possible to analyze the enterprise protection system, identify approaches to reduce losses from vulnerability, and identify ways to improve the level of protection. for conducting a cluster analysis of information security threats, which allows to obtain groups of similar threats and to identify the possibility of reducing the damage from their implementation. The data on the realized threats are analyzed by using different clustering methods for a different number of clusters in order to share the threats in the best possible way. Realized threats are described by the damage that arose from the implementation of the threat and the duration of the elimination of the consequences of the threat. Clustering allows you to identify common characteristics of threats in each group. Analysis of the resulting breakdown of a variety of information security threats into clusters will allow separating threats into groups with the identification of those threats, the implementation of which leads to the most negative consequences and causes the greatest material damage. Thus, security specialists of the enterprise can take measures to protect information, direct efforts to provide protection from threats with the greatest negative consequences. The proposed approach to the clustering of threats to information security made it possible to analyze the enterprise protection system, identify approaches to reduce losses from vulnerability, and identify ways to increase the level of protection.
Keywords: information security, the threat of information security, the damage from the implementation of the threat of information security, cluster analysis