Comparative analysis of legal support for information security in Russia and abroad
The article examines the concept of the electronic document in Russian legislation, describes the legal status of an electronic document, and specifies the place of the electronic document in the system of evidence in criminal and civil procedure. It identifies the range of problems in raising the evidentiary value of electronic documents and, on the basis of existing international agreements and practical experience in the U.S. in this area, offers ways of improving legislation to overcome this legal conflict.
The use of hardware virtualization for ensuring information security is discussed. A review of various approaches to improving the security of software systems based on virtualization is given. A review of possible scenarios of using virtualization by intruders is also presented. The application domains and limitations of the available solutions and perspectives of future development in the field are discussed.
This paper gives an overview of the core technologies implemented by a comparatively new class of products on the information security market: web application firewalls. Web applications are a widely used and convenient way of giving remote users access to corporate information resources. A web application can, however, become a single point of failure that renders the whole information infrastructure unreachable for legitimate clients. To prevent malicious access attempts to endpoint information resources and, indirectly, to the web server, a new class of information security solutions has been created. Web application firewalls function at the highest, seventh layer of the ISO/OSI model and serve as a controlling tunnel for all the traffic heading to and from the company's web application server(s). To ensure decent levels of traffic monitoring and intrusion prevention, web application firewalls are equipped with various mechanisms for controlling the "normalness" of a data exchange session. These mechanisms include protocol check routines, machine learning techniques, traffic signature analysis and more dedicated means such as denial of service, XSS injection and CSRF attack prevention. The ability to research and add user rules to be processed along with vendor-provided ones is important, since every company has its own security policy and therefore the web application firewall should provide security engineers with ways to tweak its rules to reflect the security policy more precisely. This research is based on extensive practical experience in integrating web application firewalls into the security landscape of various organizations, and in their administration and customization. We illustrate our research of available filtering mechanisms and their implementations with example product features from market leaders, schemes and screenshots from real web application firewall systems.
The article analyses the existing legal regulation of the problem of definition of the concepts of "electronic document" and "electronic message", the correlation of these concepts, and also the problem of authenticity and feasibility of the electronic document as a means of evidence in civil and arbitrazh proceedings.