Research of the corporate network information protection system based on GNS3
DOI:
https://doi.org/10.18372/2310-5461.46.14807Keywords:
mathematical model, threat, system of protection, critical information resources.Abstract
A study of the information protection system of a corporate network based on GNS3 was performed. A simulation model of the corporate network protection system based on GNS3 has been built. The GNS3 program is a graphical network emulator that allows you to simulate a virtual network that consists of network equipment of more than twenty different manufacturers on a local computer, and connect a virtual network to a real network. The corporate network information protection system consists of Gateway, Firewall, Digital Signature Verifier and Logger microservices. We used elements that will allow us to test the protection system as a complete simulation model. A software package was developed using ASP.NET Core technology. The application architecture is implemented using the design pattern of "microservice architecture". Each element of the protection system, its role, functions and implementation are considered. SQL Injection and Cross-site scripting threat protection was implemented. Digital signature verification provides an additional layer of information security. The response of the corporate network information protection system to a threatened request is presented. Logging was analyzed using the Logger microservice, protection analysis will further identify weak points of protection and develop improvements.
Conducted stress tests using the Vega program (to fulfill the goals of the attacker, the Kali Linux software operating system was chosen) showed that the system is very resistant to attacks such as SQL Injection and Cross-site scripting. A simulation model of the corporate network protection system based on GNS3 using a digital signature of a minimum size with a specified level of stability has been developed. Statistical data on the reaction of the information protection system are analyzed. Conclusions are drawn about the effectiveness of the developed information protection system in the corporate network.
References
Курилов Ф. М. Моделирование систем защиты информации. Приложение теории графов. Технические науки: теория и практика: материалы III Междунар. науч. конф. Чита: Издательство Молодой ученый. 2016. С. 6–9.
Росенко А. П. Теоретические основы анализа и оценки влияния внутренних угроз на безопасность конфиденциальной информации: монографія. М.: Гелиос АРВ, 2008. 154 с.
Корнієнко Б. Я. Дослідження імітаційного полігону захисту критичних інформаційних ресурсів методом IRISK. Моделювання та інформаційні технології. 2018. Вип. 83. С. 34–41.
Корнієнко Б. Я. Побудова та тестування імітаційного полігону захисту критичних інформаційних ресурсів. Наукоємні технології. 2017. № 4 (36). С. 316–322. DOI: 10.18372/2310-5461.36.12229
Korniyenko B., Yudin A., Galata L. Risk estimation of information system. Wschodnioeuropejskie Czasopismo Naukowe. 2016. № 5. P. 35–40.
Корнієнко Б. Я., Юдін О. К., Снігур О. С. Безпека аутентифікації у web-ресурсах. Захист інформації. 2012. № 1 (54). С. 20–25. DOI: 10.18372/2410-7840.14.2056 (ukr).
Корнієнко Б. Я., Максімов Ю. О., Марутовська Н. М. Прикладні програми управління інформаційними ризиками. Захист інформації. 2012. № 4 (57). С. 60–64. DOI: 10.18372/2410-7840.14.3493 (ukr).
Galata, L., Korniyenko, B., Yudin, A.: Research of the simulation polygon for the protection of critical information resources. In: CEUR Workshop Proceedings, Information Technologies and Security, Selected Papers of the XVII International Scientific and Practical Conference on Information Technologies and Security (ITS 2017), 30 Nov 2017, Kyiv, Ukraine. Vol. 2067. Pp. 23–31, urn:nbn:de:0074-2067-8.
Raphael Hertzog, Jim O’Gorman, and Mati Aharoni. Kali Linux Revealed. Offsec Press, 2017. 347 p.
Lei Chen, Hassan Takabi, Nhien-An Le-KhacJohn Wiley & Sons. Security, Privacy, and Digital Forensics in the Cloud, 2019. 360 p.
Glen D. Singh, Rishi Latchmepersad. CompTIA Network+ Certification Guide, 2018. 422 p.
Dijiang Huang, Ankur Chowdhary, Sandeep Pisharody. Software-Defined Networking and Security: From Theory to Practice, 2018. 328 p.
Robert M. Lee. Active Cyber Defense Cycle, 2016. 651 p.
Jason C. Neumann, The Book of GNS3: Build Virtual Network Labs Using Cisco, Juniper, and More 1st Edition, 2015. 274 p.
Kwangjo Kim, Muhamad Erza Aminanto, Harry Chandra Tanuwidjaja. Network Intrusion Detection Using Deep Learning: A Feature Learning Approach, 2018. 79 p.
Korniyenko B., Galata L., Ladieva L. Security Estimation of the Simulation Polygon for the Protection of Critical Information Resources. CEUR Workshop Proceedings, Selected Papers of the XVIII International Scientific and Practical Conference "Information Technologies and Security" (ITS 2018) Kyiv, Ukraine, November 27, 2018. Vol. 2318. Pp. 176–187. urn:nbn:de:0074-2318-4.
Kravets, P., Shymkovych, V.; Hardware Implementation Neural Network Controller on FPGA for Stability Ball on the Platform 2nd International Conference on Computer Science, Engineering and Education Applications, ICCSEEA 2019; Kiev; Ukraine; 26 January 2019 – 27 January 2019 (Conference Paper). Volume 938. Pp. 247–256.
Kravets P. I., Shymkovych V. M. and Samo¬tyy V. Method and technology of synthesis of neural network models of object control with their hardware implementation on FPGA. Proceedings of the 2017 IEEE 9th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). 2017. Vol. 2. Pp. 947–951.
Samotyy V., Telenyk S., Kravets P., Shymkovych V. and Posvistak T. "A real time control system for balancing a ball on a platform with FPGA parallel implementation", Technical Transactions. 2018. vol. 5. Pp. 109–118.
Arber B. and Davey, J. The use of the CCTA risk analysis and management methodology CRAMM. Proc. MEDINFO92. North Holland. 1992. Pp. 1589–1593.
Ryabko B. Y., Monarev V. A. Using information theory approach to randomness testing. Journal of Statistical Planning and Inference. 2005. Vol. 133. № 1. Pp. 95–110.
Chris Clymer, Ken Stasiak, Matt Neely, Stephen Marchewitz. IRisk Equatuion Available via https://securestate.en/iRisk-Equation-Whitepaper.pdf
Common Vulnerability Scoring System v 3.0: User Guide. Available via https://www.first.org/cvss/user-guide
