International Congress on Multidisciplinary Studies in Education and Applied Sciences Berlin, Germany June 3 rd 2022 conferencezone.org 242
password files. Network Analyzers (Sniffers): Through software that listens to network
traffic. They have the ability to automatically separate user names, passwords, credit card
numbers from traffic.
The most common aggression has the following statistics:
An analysis of 237 computer attacks conducted by NIST in 1998 was published on the
Internet:
29% of attacks occurred in the Windows environment.
Lesson: Unix alone is not dangerous.
In 20% of the attacks, the attackers reached the network elements (routers, switches, hosts,
printers brandmauer) remotely.
Lesson: Hosts can be accessed remotely without notice.
5% of attacks were successful against routers and firewalls.
Lesson: Internet network infrastructure developers do not have enough resistance to computer
attacks.
4% of attacks are organized to find free hosts that can withstand Internet aggression.
Lesson: It is good that system administrators themselves regularly scan their hosts. 3% of
attacks are organized by websites against their users.
Lesson It is not safe to search for information on the WWW.
1999 on the Internet. the most common computer attacks in March. Sendmail (oldest
program), ICQ (complex "I'm looking for you" program, used by about 26 million people),
Smurf (program that works with ping-packages), Teardrop (error-sensitive program), IMAP
(mail program), Back Orifice ( trojan horse, for remote control of Windows 95/98), Netbus
(similar to Back Orifice), WinNuke (can completely stop Windows 95) and Nmap (scanning
program). With the help of WinNuke, Papa Smurf and Teardrop programs, malicious people
can attack and damage your computer.
3. Directions of information security
The international standard NIST 7498-2 defines basic security services. Its task is to
determine the security aspects of the open system communication model. These are:
Authentication. Authentication of a computer or network user;
Access control.
Check and ensure that the user has access to the computer network;
Data integrity. Checking the contents of the database for accidental or unauthorized changes;
Confidentiality of information. Protecting Content from Unauthorized Disclosure
Inviolability (Neoproverjimost). To prevent the sender from acknowledging that the data set
was sent by the sender or received by the recipient. Many additional services (audit, access)
and support services (key management, security, network management) serve to complement
this basic security system. The complete security system of the web node must cover all of
the above security areas. Appropriate security tools (mechanisms) should be included in the
software product.
Improving authentication involves addressing the shortcomings of reusable passwords,
ranging from disposable passwords to high-tech biometric authentication systems. Items that
users carry with them, such as special cards, special tokens or floppy disks, are much cheaper
and safer. The unique, module code protected application module is also handy for this
purpose. Public key infrastructure is also an integral part of Web node security. The
distribution system (people, computers), Public Key Infrastructure (certificate publisher),
which is used to ensure authentication, data integrity and confidentiality of information,
publishes an electronic certificate. It contains the user ID, its public key, some additional
information for the security system, and the digital signature of the certificate publisher.
Ideally, this system will create a chain of certificates for the user at any two points on Earth.