CHOICE OF OPTION FOR IMPLEMENTATION OF THE MULTILEVEL SECURE ACCESS TO THE EXTERNAL NETWORK
For citation: Kolomoitcev V.S. Choice of option for implementation of the multilevel secure access to the external network. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2016, vol. 16, no. 1, pp. 115–121.
We study the optimal way to design the access scheme called "Direct Connection". This scheme provides secure access to external network resources and consists of several groups of routers and two kinds of firewalls. The scheme is considered taking into account that the different means of protection share common areas of threat removal in the channel. The average residence time of a request in the system and the system's reliability were obtained for each variant of the access scheme. Based on the results, the design variants of the access scheme were compared with one another and with the standard access scheme (with one firewall). It was found that the design of the access scheme with a single group of routers for the whole system has better performance and reliability than the other variants of the "Direct Connection" access scheme.
Acknowledgements. I would like to express my gratitude to V.A. Bogatyrev for his assistance during the study.