Naučno-tehničeskij Vestnik Informacionnyh Tehnologij, Mehaniki i Optiki (Jun 2023)
Criterion of the network infrastructure security
Abstract
The problem of assessing the security of a network infrastructure is considered. The aim of the work is to formalize a fast computable network security metric intended for use in optimization problems aimed at rebuilding the network according to security requirements. Three metrics with varying degrees of detail are proposed to achieve this goal. To do this, a set of essential features of the network infrastructure has been formed. The level of detail of the metric allows terminal access to be taken into account, as well as the actual structure of the network path from the subject to the access object. The proposed base metric was compared with previously published metrics by other authors. It is shown that the metric is sensitive to changes in essential network parameters, and that the results of its calculation are consistent with the results of calculating other metrics. Using the metric, the network segmentation method based on the grouping of subjects and objects was evaluated. It is shown that this method can significantly increase the security of the network by combining similar subjects and objects into groups, even in the absence of firewall rules. The proposed metrics can be used as a basis for methods of segmenting the network infrastructure and rebuilding the existing network according to security requirements. They do not depend on subjective assessment, and they do not take into account the presence of known vulnerabilities, the closing of which affects security in general but does not reflect the security of the network interaction. The most significant advantage can be considered to be the much faster calculation in comparison with analogues.
Keywords