The Fault-Tolerant Structure of Multilevel Secure Access to the Resources of the Public Network
The paper evaluates the effectiveness of the structural organization of a system of multi-level secure access to external network resources. We conducted a comparative analysis and optimization of the ‘Direct connection’ access pattern, in its various forms of implementation, for organizing a secure connection between an end node of the internal network and resources located in the external network. The study assumes that each security element included in the secure access pattern is able to detect and eliminate the threats of the other elements of the protection system. In its general form, the ‘Direct connection’ access pattern has four construction variants, which differ in the mutual arrangement of the key elements: a packet-filtering firewall, a firewall with adaptive detailed packet inspection, and the router. A mathematical model is presented for calculating the reliability of each construction variant of the access pattern. It is shown that the most reliable construction variant is the one that includes a single group of routers for the entire system. The variants that include two groups of routers for the overall system differ little from one another in reliability.
Keywords: Firewalls, Corporate networks, Information security, Fault tolerance, Access pattern, Reliability, Networking
The work is partially supported by a Government of St. Petersburg grant.