УДК 004.65:004.056

KEY PROGRAM INFORMATION SECURITY THREATS IN AUTOMATED DATA COLLECTION SYSTEMS

Oleksandr Martyniuk
Information Security Faculty, Institute of Physics and Technics, National Technical University of Ukraine

The use of automated data collection systems in the physical experiment made the processing of information more quickly and efficiently. Today the computing power of personal computers allow even complex studies using high-precision sensors and receive full results, analyze and forecast the passage of the physical process that explored. Such systems usually consist of a personal computer system with the system of sensors connected to it and specialized software [1]. Moreover, the software that performs information processing can be created specifically for a particular experiment and developed by the experimenter. Thus automated data collection system can be used in various organizations such as research centers, universities and schools. To share information about the experiment the Internet can be used. This will exchange data between remote systems quickly and analyze even complex physical processes. However, the use of the Internet for experiment data transmission can carry a lot of information security threats. The main ones are discussed further.

Information has three main properties. The first of them is integrity. It provides that the information will not be altered or removed by unauthorized users. The second is privacy, and it will be respected if no user gets access to information, the right to which he has not. The last property - availability - means that anyone, who has the right of access to information, can fulfill legal action in time, not exceeding set [2]. If any one of these properties will not be met, the information will not be protected, and therefore its use in automated data collection system is impossible.

Sources of threats can be internal or external. From this we can draw the following classification of causes of programmatic information security breaches. Internal threats are:

 - еntering incorrect data;

- errors in the code of software;

- faulty internal access restriction subjects.

External threats:

- malware transmitted through the network or portable storage media;

- scanning Network;

- forwarding incorrect data.

Entering wrong data and error code associated with the fact that the software used in the analysis of the data was poorly tested. The cause of errors can be either data entered by the user or the data submitted with the sensors. To prevent such threats developers should test software and provide memory sizes to be used in their work.

Faulty concurrent access relevant threat have place if the automated system involves the use of certain processes or certain information privileged users. Faulty access can be achieved by selecting passwords, impersonating another user, increasing own privileges. To prevent such type of threat correctly build concurrent access policies must be used, use quality passwords, hide log information onto your computer and use encryption. The last method can adversely affect the performance of the software, but protect from violations of data security.

External threats are more dangerous because it will affect not only the software for processing data, but full automated system. The first and most important of the threats in this case is malware. There are many types of programs that differ in scale negative impacts and methods to the computer and purpose. Malware - this is quite an old concept, understood as such programs or code that aims to obtain sensitive data, obstructing the work of a computer system or gain control over it. Thus the following forms of software include worms, Trojans, adware, viruses, rootkits, key logger and many other extortion or spyware. Compared to other programs that may adversely affect the performance of your computer, such as defective code, which contains errors that could not be eliminated in time during development, malicious software is created deliberately and executes malicious action. "Worms" can bring a lot of damage to the computer and even computer networks, but their purpose is only to abuse the system and its compromise. Ransomware (short for words ransom and software) is a specialized type of malware that aims to get cash benefits in exchange for unlock your computer. Examples of such programs are Cryzip, Rector. Other reasons for the introduction of malware on the computer may be the actual expression, upholding certain personal reasons, dissemination of relevant information, blocking of some services [3]. Using anti-virus software help to prevent negative malicious software. These programs differ in method of finding virus programs, signatures, the spectrum of functions and other features. However, the use of their work on automated data collection systems, especially with Internet access is required.

To counter network scanning and sending incorrect data a firewall should be used. It analyzes the external traffic. So you can block malicious packets, monitor network access by external entities and protect themselves from attacks related to networking. Clearly, for complete protection, you can use comprehensive protection systems, which include antivirus, firewall, additional tools to find vulnerabilities and other extras.

Consequently, the automated data collection system that is composed of a system of sensors connected to a PC with installed specialized software to analyze the data was analyzed. It was the main threat to the security of information systems and generally inherent in such systems and the basic ways to prevent attacks and information security problems were analyzed too.

 

Used resources:

1. Available at: http://en.wikipedia.org/wiki/Data_acquisition

2. Грайворонський М. В., Новіков О. М. Захист інформації в комп'ютерних системах і мережах / М. В. Грайворонський, О. М. Новіков. - К. : BHV, 2009. - 608 c : іл. - (Інформатика). - ISBN 966-552-167-5 (Ukrainian language).

3. Available at: http://en.wikipedia.org/wiki/Malware

Коментарі до статті:
© inforum.in.ua, 2014 - 2024
+38 (068) 322 72 67
+38 (093) 391 11 36
inforum.in.ua@ukr.net