Prevention of Computer Crimes in Banking
The application of modern technical means of information security has become a significant element of computer crime prevention in banking (prevention implies restricting access to, or use of, the whole computer system or just part of it). The Regulations about technical information security in Ukraine indicate that the technical protection of restricted-access information in automated systems and computer equipment is directed at preventing the violation of the integrity of restricted-access data and its leakage by way of:

• unauthorized access;
• interception and analysis of collateral electromagnetic emanations and induced signals;
• the use of planted eavesdropping devices;
• the introduction of computer viruses.

The engineering protection of restricted-access information in automated systems and computer equipment intended for forming, transferring, receiving, transforming, displaying and storing information is provided by a complex of design, organizational, software and engineering measures at all stages of their creation and operation. The main methods and means of engineering protection of restricted-access information in automated systems and computer equipment are:

• the use of protected equipment;
• the regulation of the work of users, operating personnel, software, database elements and restricted-access information carriers (access delimitation);
• the regulation of the architecture of automated systems and computer equipment;
• the technical and engineering equipping of rooms and communications intended for operating the automated systems and computer equipment;
• the search for planted devices, their detection and blocking.

These measures can play a serious general preventive role in the fight against computer crime when they are used skilfully and comprehensively. Given that the problem of computer crime and its prevention in banking has been studied in our country only since the 1990s, whereas in some foreign countries it has been studied for a long time, we should learn from the broad experience of these countries and put it into domestic practice, taking into account the current normative and legal basis of Ukraine.

The main means of information security are: physical measures, hardware means, software means, hardware and software means, and cryptographic and organizational methods.

The physical means of protection are the measures necessary for the outer protection of a computer, the territory and the objects based on computer equipment. They are specially intended to create physical obstacles on the possible routes by which potential intruders could penetrate and gain access to the components of information systems and the data under protection. The simplest and most reliable method of protecting information against the threat of unauthorized access is the regime of independent use of a computer by one user in a specially designated room in the absence of unauthorized persons. In this case the specially designated room plays the role of an exclusive perimeter of protection, and the physical security consists of the windows, walls, floor, ceiling and door.
If the walls, ceiling, floor and door are solid, the floor has no hatches connecting to other rooms, and the windows and the door are fitted with an alarm (signaling) system, then the strength of the protection depends on the performance specification of the alarm system during the user's absence in off-hours.

During working hours, when the computer is on, information may leak through channels of collateral electromagnetic radiation. To prevent this threat, a special examination is carried out of the means (the computer itself) and the devices of electronic computing machinery (ECM) (the computer in its specially designated room). This examination involves a certification procedure and the categorization of ECM means and devices, with the issue of the corresponding operating permit. Moreover, the door of the room must be fitted with a mechanical or electromechanical lock. In some cases, if there is no alarm system and the computer user is absent for a long period, it is desirable to keep the system unit and the machine-readable information carriers in a safe to provide better security.

The use of a hardware password in the BIOS (basic input/output system) of some computers, which blocks the loading and operation of the ECM, does not provide proper security against the threat of unauthorized access. When there is no mechanical lock on the case of the system unit and the user is absent, the hardware element that carries the BIOS password can be replaced with another similar one, since BIOS units are standardized and contain certain password data. For this reason, a mechanical lock that prevents the computer from being switched on and booted is the most effective measure in this case. To protect against leakage, specialists suggest mechanically attaching the computer to the user's desk.
Meanwhile, it should be kept in mind that, in the absence of an alarm (signaling) system ensuring constant access control to the room or to the safe, the reliability of the locks and attachments must be such that the time an intruder needs to force them is not less than the period during which the computer user will be absent. If this kind of security is not provided, an alarm system is required without fail. The range of modern physical security means is very wide. This group of security means also includes various means of shielding workrooms and data transmission channels.

The hardware means of security are various electronic and electromechanical means and other system devices that are built into the standard units of electronic data processing and data transmission systems to provide internal security of computer facilities: terminals, data input and output devices, processors, transmission links, etc. The main functions of hardware means of security are:

• the prohibition of unauthorized remote access to a distant user;
• the prohibition of unauthorized remote access to databases as a result of the casual or intentional activity of staff;
• the protection of software integrity.

These functions are carried out by way of:

• identification of the subjects (users, maintenance staff) and the objects (resources) of a system;
• authentication of the subject in accordance with the given identifier;
• inspection of authorities, which implies checking the permit for certain kinds of work;
• registration (logging) of references to forbidden resources;
• registration of attempts at unauthorized access.

These functions are implemented with the help of various special-purpose engineering devices. In particular, they include:

• uninterruptible power sources for hardware, and also equalization devices that prevent sudden voltage drops and voltage peaks in the supply network;
• devices for shielding hardware, transmission links and the premises where the computer equipment is located;
• devices for identifying and recording terminals and users when unauthorized access to a computer network is attempted;
• means of protecting computer ports, etc.

The port protection means have several protective functions, in particular:

1) "code comparison": the port-security computer checks the code of the authorized users against the required code. "Disguise": some port protection means disguise the existence of ports on a telephone line by synthesizing a human voice that answers the caller;
2) "call-back" (counter call): the memory of the port protection device holds not only access codes but also identification telephone numbers;
3) the keeping of an automatic "electronic record" of access to the computer system, recording the user's main operations.

Software security means are necessary to perform the logical and intellectual security functions that are embedded in the software tools of the system. The security aims realized with the help of software security means are:

• control of booting and login with the help of a password system;
• delimitation and control of access rights to system resources, terminals, external lines, permanent and temporary data sets, etc.;
• file protection from viruses;
• automatic control of users' operations by logging their activity.

Hardware and software security means are means based on the combination of software and hardware. They are widely used in authenticating users of automated banking systems. Authentication is the verification of the user's identifier before the user is given access to a system resource. Hardware and software security means are also used when applying the electronic and digital signatures of accountable users. Smart cards containing users' passwords and codes are widespread in automated banking systems.

The organizational security means of computer information make up the set of measures concerning the recruitment, vetting and training of the staff who take part in all stages of the information process.

The analysis of the materials of criminal cases leads to the conclusion that the main reasons and conditions conducive to the commission of computer crimes are mainly the following:

• the absence of control over the activity of attending personnel, which lets a criminal freely use a computer as the instrument of crime;
• low-quality software that has no reference security and does not ensure checking of the conformity and accuracy of the information;
• the imperfection of a password system protecting a workstation or its software against unauthorized access, which does not provide authentic identification of a user by individual biometric parameters;
• the absence of a strict approach to employees' access to secret information, etc.

The experience of foreign countries shows that the most effective way to secure information systems is to introduce the position of a computer security specialist or to create special services, either private or centralized, depending on the particular situation. According to foreign specialists, the existence of such a department (service) in a bank system reduces twofold the commission of crimes in the sphere of computer technologies.
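
An added example, not part of the original text: a minimal Python model of the sequence described above for hardware and port-protection means (identification, authentication by code comparison, inspection of authorities, the "counter bell" call-back to a stored number, and the electronic record of granted and refused attempts). The class names, user identifier, access code and telephone numbers are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def code_digest(code: str, salt: bytes) -> bytes:
    # Access codes are stored only as salted, stretched digests.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


@dataclass(frozen=True)
class Subscriber:                      # hypothetical record layout
    salt: bytes
    code_hash: bytes
    callback_number: str               # number registered in advance
    permitted: frozenset               # operations this user may perform


@dataclass
class PortGuard:                       # hypothetical port-protection device
    registry: dict
    log: list = field(default_factory=list)   # the "electronic record"

    def request(self, user_id, code, caller_number, operation):
        """Return the stored number to call back, or None if refused."""
        sub = self.registry.get(user_id)                    # identification
        if sub is None:
            return self._deny(user_id, caller_number, "unknown identifier")
        # Authentication: constant-time comparison of the code.
        if not hmac.compare_digest(code_digest(code, sub.salt), sub.code_hash):
            return self._deny(user_id, caller_number, "wrong access code")
        if operation not in sub.permitted:                  # inspection of authorities
            return self._deny(user_id, caller_number, "operation not permitted")
        # Call-back: the caller-supplied number is only logged, never dialled.
        self.log.append(("GRANTED", user_id, caller_number, operation))
        return sub.callback_number

    def _deny(self, user_id, caller_number, reason):
        self.log.append(("DENIED", user_id, caller_number, reason))
        return None

    def unauthorized_attempts(self):
        return [entry for entry in self.log if entry[0] == "DENIED"]


def demo_guard() -> PortGuard:
    # Constructed sample data, not taken from the page.
    salt = b"constructed-salt"
    teller = Subscriber(salt, code_digest("4471-example", salt),
                        "+380-00-000-0001", frozenset({"balance_inquiry"}))
    return PortGuard({"teller01": teller})
```

Because the device dials only the number held in its own memory, a caller who knows a valid code but rings from another line still cannot receive the session; that call appears in the record with the unexpected caller number.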
Date: 2015-12-13