Analysis and features of the functioning of protected automated systems of internal affairs bodies under the influence of threats of unauthorized access

Objective. The purpose of the study is to analyze the features of the functioning of protected automated systems and develop a structural diagram of a typical ATS AS, which includes various structural elements.

Method. As a fundamental method of conducting research is the method of system analysis.

Result. Based on the developed typical structural diagram of the ATS AS, threats to web servers were identified in accordance with the official website of the FSTEC, and, in accordance with them, potential vulnerabilities (weak points in terms of information security) were identified; a classification of all potentially dangerous threats to the information resource of protected ATS automated systems was developed and presented.

Conclusion. The materials of the article can be used to analyze and develop a methodology for quantitatively assessing the risks of information security violations of the web servers of the ATS of the Russian Federation; methods for assessing the level of security of the ATS of the Russian Federation; methods of access of regular users of the RF ATS AS to the information resource of these systems based on semantic analysis.

1. Yazov Yu.K., Soloviev S.V. Protection of information in information systems from unauthorized access. Allowance.Voronezh: Quarta, 2015; 440.[In Russ]

2. Risk analysis of damage from threats to information security in the information and technical systems of internal affairs bodies: monograph.T. V. Meshcheryakova, E. A. Rogozin, I. V. Alekhin [and others]. Voronezh: Voronezh Institute of the Ministry of Internal Affairs of Russia, 2021; 63.[In Russ]

3. Mishin S.A., Wolf V.A., Nesterovsky O.I., Rogozin E.A., Kalach A.V. Analysis of the regulatory documentation of the FSTEC of RUSSIA in order to assess the security of operating systems of automated systems of internal affairs bodies. Bulletin of the Voronezh Institute of the Federal Penitentiary Service of Russia, 2022; 2:111-120.[In Russ]

4. Mochalov D.A., Wolf V.A., Romanova V.R., Rogozin E.A., Kalach A.V. Analysis of the existing threats of an external intruder to the information resource of web servers in the automated systems of the armed forces of the Russian Federation. Bulletin of the Voronezh Institute of the Federal Penitentiary Service of Russia. 2022; 1: 68-75.[In Russ]

5. On the approval of the Concept for ensuring the information security of the internal affairs bodies of the Russian Federation until 2020: order of the Ministry of Internal Affairs of Russia dated March 14, 2012 No. 169 [El.res.] Access mode: http://policemagazine. ru/forum/showthread.php?t=3663. (Date of treatment: 06.11.2022) [In Russ]

6. FSTEC of Russia. Methodical document. Methodology for assessing threats to information security (approved by the FSTEC of Russia on February 5, 2021) [El.res.]. Access mode: http://fstec.ru/tekhnicheskaya-zashchita-informatsii/dokumenty/114-spetsialnye-normativnyedokumenty/2170-metodicheskij-dokument-utverzhden-fstek-rossii-5-fevralya-2021. (Date of treatment: 11/10/2022) [In Russ]

7. FSTEC of Russia. Data bank of information security threats. Information Security Threats [Electronic resource]. Access mode: https://bdu.fstec.ru/threat.– (Date of access: 11/10/2022) [In Russ]

8. On approval of the Doctrine of Information Security of the Russian Federation: Decree of the President of the Russian Federation dated 05.12.2016 No. 646. SPS "ConsultantPlus"(date of access:03/07/2018)[In Russ]

9. Popov A.D. Models and algorithms for evaluating the effectiveness of typical systems for protecting information from unauthorized access in automated systems of internal affairs bodies: dis. cand. tech. Sciences 05.13.19 / Popov A.D. - Voronezh., 2020;108.[In Russ]

10. Computer attack detection systems: textbook. V. T. Eremenko, A. P. Fisun, S. M. Makeev, B. I. Soloviev, D. O. Markin. - Eagle: OSU named after I. S. Turgenev, 2018; 135. [In Russ]