Hardware, software and organizational means of protecting the resources of the personal data information system from unauthorized access by means of "sniffing attacks"

Objective. The article discusses hardware and software methods of protecting the resources of the personal data information system from unauthorized access by means of "sniffing attacks"; the essence of which is to intercept data that is delivered within the observed system in the form of packets.

Method. The analysis of the security of resources by the personal data information system regarding unauthorized access to data by means of "sniffing attacks" includes five conditional stages: collecting information in the personal data information system, scanning the personal data information system, gaining access to the personal data information system, securing personal data in the information system, generating a report; at the same time, security analysis it is always associated with unauthorized access to data.

Result. To prevent unauthorized access to data by means of "sniffing attacks", the following software and hardware solutions are proposed to minimize the consequences of unauthorized exposure to the personal data information system: the use of the HTTPS protocol, a secure version of the HTTP protocol; the use of a static ARP table generated manually; scanning of the computer network of the personal data information system by the AntiSniff program; encryption of the computer network traffic networks of the personal data information system.

Conclusion.The presented hardware and software solutions allow minimizing the consequences of unauthorized impact on personal data information systems.

1. Geekkies: сайт. – 2022. – URL. https://geekkies.in.ua/crossplatform/chto-takoe-virtualbox-i-kak-ej-polzovatsja.html (дата обращения: 05.07.2022).

2. RU-center: сайт. – 2022. – URL. https://www.nic.ru/help/bazy-dannyh-1228/ (дата обращения: 05.07.2022).

3. Академик – информационная безопасность: сайт. – URL. https://dic.academic.ru/dic.nsf/dic_economic_law/5569/ (дата обращения: 05.07.2022). (In Russ)

4. Академик – официальная терминология: сайт. – 2022. – URL. https://official.academic.ru/7175 (дата обращения:

5. 07.2022). (In Russ)

6. Академик – словарь чрезвычайных ситуаций: сайт. – 2022. – URL. https://dic.academic.ru/dic.nsf/emergency/777/ (дата обращения: 05.07.2022). (In Russ)

7. Astaykin, A. I. Methods and means of providing software and hardware protection of information: scientific and technical edition / A. I. Astaykin, A. P. Martynov, D. B. Nikolaev, V. N. Fomchenko. – Sarov: Russian Federal Nuclear Center – VNIIEF, 2015; 224.Text: electronic // Digital educational resource IPR SMART: [website]. – URL: https://www.iprbookshop.ru/60959.html (accessed: 05.07.2022). – Access mode: for authorization. users. (In Russ)

8. Bashly P. N. Information security and information protection: textbook / P. N. Bashly, A.V. Babash, E. K. Baranova. – Moscow: RIOR, 2013; 222. Text: electronic. URL: https://znanium.com/catalog/product/405000 (accessed: 05.07.2022). (In Russ)

9. Wikipedia – Kali Linux: website. – URL. https://ru.wikipedia.org/wiki/Kali_Linux (accessed: 05.07.2022).

10. Gatchin Yu. A. Fundamentals of information security: a textbook / Yu. A. Gatchin, E. V. Klimova. – St. Petersburg: ITMO University, 2009;84. Text: electronic. Digital educational resource IPR SMART: [website]. – URL: https://www.iprbookshop.ru/67463.html (accessed: 05.07.2022). – Access mode: for authorization. users. (In Russ)

11. Golembiovskaya O. M. Stages of formation of the threat model and the information security violator model taking into account changes in the legislation of the Russian Federation: textbook / O. M. Golembiovskaya, M. Yu. Rytov, K. E. Shinakov [et al.]. Saratov: University Education, 202; 265. Text: electronic // IPR SMART Digital Educational Resource: [website]. URL: https://www.iprbookshop.ru/109162.html (accessed: 05.07.2022). Access mode: for authorization. users. (In Russ)

12. Gromov Yu. Yu. Software and hardware protection of information systems: a textbook / Yu. Yu. Gromov, O. G. Ivanova, K. V. Starodubov, A. A. Kadykov. – Tambov: Tambov State Technical University, EBS DIA, 2017. – 193 p. – ISBN 978-5-8265-1737-6. – Text: electronic. Digital educational resource IPR SMART: [website]. – URL: https://www.iprbookshop.ru/85968.html (accessed: 05.07.2022). – Access mode: for authorization. users. (In Russ)

13. Consultant Plus – Federal Law "On Information, Information Technologies and Information Protection" dated 27.07.2006 N149-FZ: website. URL. http://www.consultant.ru/document/cons_doc_LAW_61798/(accessed: 05.07.2022). (In Russ)

14. The main problems of information protection in networks: site. 2022. URL. https://zen.yandex.com/media/id/5da8242eaad43600b1f1f9ed/osnovnye-problemy-zascity-informacii-v-setiah-5da82678c31e4900ae31ec07 (accessed: 05.07.2022). (In Russ)

15. The Government of Russia – Decree of the Government of the Russian Federation dated 01.11.2012 No. 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems": website. – URL. http://government.ru/docs/all/84743 / (accessed: 05.07.2022). (In Russ)

16. Jealous A.V. Information security in organizations: a textbook. Moscow: AI Pi Ar Media, 2021; 83 Text: electronic // Digital educational resource IPR SMART: [website]. – URL: https://www.iprbookshop.ru/108227.html (accessed: 08.05.2022). – Access mode: for authorization. users. (In Russ)

17. I will take it myself – The choice and justification of the methodology for calculating economic efficiency: website. – URL. http://zdamsam.ru (accessed: 05.07.2022).

18. Skabtsov N. Information systems security audit.St. Petersburg: St. Petersburg, 2018. 272 p.: (Series "Programmer's Library").(In Russ)

19. FSTEC of Russia – Order of the FSTEC of Russia dated February 18, 2013 No. 21 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data when they are processed in personal data information systems": website. URL. https://fstec.ru/normotvorcheskaya/akty/53-prikazy/691-prikaz-fstek-rossii-ot-18-fevralya-2013-g-n-21 (accessed: 05.07.2022). (In Russ)

20. FSTEC of Russia – Federal Law "On Personal Data" dated 27.07.2006 N 152-FZ": website. URL. https://fstec.ru/tekhnicheskaya-zashchita-informatsii/dokumenty/107-zakony/365-federalnyj-zakon-ot-27-iyulya-2006-g-n-152-fz?highlight=WyIxNTItXHUwNDQ0XHUwNDM3Il0 = (accessed: 05.07.2022). (In Russ)

21. Shangin V. F. Information security and information protection / V. F. Shangin. – 2nd ed. – Saratov: Vocational Education, 2019; 702. Text: electronic. Digital educational resource IPR SMART: [website]. URL: https://www.iprbookshop.ru/87995.html (accessed: 05.07.2022). Access mode: for authorization. users.Shangin, V. F. Complex information protection in corporate systems: a textbook. Moscow: FORUM: INFRA-M, 2020;592. (In Russ)