In opinion of experts on information computer technologies, the greatest threat to information systems and databases proceeds not from the super hackers pursuing bad purposes. The purposes, and more likely from sources to which we absolutely trust. The realistic estimation of threat with the subsequent development of corresponding security measures can provide effective protection against the majority of encroachments on information resources of the organization. And it does not demand excessive efforts.

Recommendations on the safety of systems, presented below, were developed for the aid to the administrators of networks and the leaders of the divisions of safety in the estimation of risk and the creation of countermeasures. Such important aspects, as physical safety, safety, connected with life-support systems and number of others, here are not examined. They are not examined here and the possible mechanisms of the realization of the protective systems - too the different methods this of reaching for the different operating systems.

Visualize that as a result of the reorganization of your company many colleagues were discharged. And they here once at night to you report that the server malfunctioned. You appear to the data center, open door and reveal that the accommodation looks like the field of battle. Two new counters SAN (Storage Area Network) lie on the floor. The yellow warning fires blink on the disk drives and the controllers. The tile, which covers floor, is dismantled, and into the gaping opening discarded server. Reserve tapes are everywhere scattered... Will be required not one day, in order to be dismantled, what data you lost, but that still it is possible to restore. The colleagues of the security service revealed motion into the server from the empty room by a number, in which was assumed the same false floor.

Recently among the users of local networks and particular citizens grows uneasiness apropos of the appropriate security assurance of information, which is stored in the computers. The preoccupation is completely justified, since the volume of classified information about companies and private individuals, which is gathered and are stored in the local networks offices of state, hospitals and financial organizations, constantly it grows. Therefore the task of producing the rules, which would regulate transfer and exchange of the particular and corporate information of confidential nature, acquires special urgency.

Port 80 is standard for web- sites and it can have many different problems of safety. These holes can allow hacker to obtain administrative access to web- site, or even to web- server himself. This article examines some signatures, characteristic for such attacks, and also that the fact that one should search for in the ravines.

As noted earlier, in the network the Internet increasing propagation obtains the attacks on the accessibility of data. The possibility of their successful conducting escapes from the vulnerability of the base protocols of exchange of data carriers in the network the Internet. In addition to this, are typical weaknesses of the realization of protocols TCP/IP, inherited by contemporary operating systems. Let us examine the attacks on the accessibility of the base functions Windows NT, which received propagation into 1997-1998 and the caused need developments by firm Microsoft of the special additions of software. The consequence of conducting such attacks is the disturbance of the functioning of entire system independently of utilized applied supply program! In the brackets are indicated the numbers and the names its related documents in Microsoft Knowledge Base (KB).

Multilevel architecture of client/server

In the contemporary information systems, built in the architecture of client/server, usually are separated three levels:

* the level of idea (realizing the functions of introduction and mapping of data);

* applied level (corresponding for the universal services, and also the functions, specific for the specific subject area);

* the level of access to the information resources (fulfilling the characteristic functions of storage and control of information-computing resources).

The majority of concepts of administration OS Microsoft Windows NT removes special role to numerous disordered of the parameters OS, give insufficient attention to questions of the determination of roles administrator and other privileged users OS. Thus, is not considered the fact that even some regular actions of users can bear the threat of safety entire OS, not to mention the errors of administration or the ill-intended actions on the breaking of the separate elements of the protective system.