CC BY
8UDC 004.414.22
ADMINISTRATION OF COMPLEX METHODS OF SECURITY OF A LAN ON THE EXAMPLE OF THE URGENCH BRANCH OF TUIT
T.A. Khudaybergenov1
Abstract
This paper is devoted to LAN security analyses. Methods of complex security organization of LAN of Urgench branch of TUIT branch are described. The results of analyses and propositions of security organization activities in the network of the branch are given in the paper.
Keywords: network, LAN, security, levels, realization
New information technologies actively take root into all spheres of a national economy. Emergence of local and global networks of data transmission gave to users of computers new opportunities of expeditious exchange of information. In process of development and complication of means, methods and forms of automation of processing of information dependence of society on degree of safety of the information technologies used by it increases
The threat to security is understood as possible danger (potential or real) commission of any act (action or inaction) directed against the object of protection (information resources) causing damage to the owner or user, which is shown it is in danger of distortion, disclosures or losses of information.
Typical technique of safety includes:
• Studying of basic data on a network;
• An assessment of the risks connected with implementation of threats to security concerning network resources;
• The analysis of mechanisms of safety on organizational level, a security policy of the organization and organizational and administrative documentation on providing the mode of information security and an assessment of their compliance to requirements of the existing normative documents, and also their adequacy to the existing risks;
• The manual analysis of configuration files of the routers, firewalls and proxy servers exercising control of gateway interactions post and DNS servers, and also other critical elements of network infrastructure;
• Scanning of external network addresses LAN from the Internet;
• Scanning of the LAN resources from "inside";
• The analysis of a configuration of servers and LAN workstations by means of specialized software.
The analysis of security is a basic element of such mutually crossed types of works as certification, audit and inspection of security.
In view of the demanded conditions of the available network (Pic.2.) an assessment of security was developed the following model (Pic. 1.)
Having carried out the analysis of Branch's network, the following was revealed:
• Physical access to the Server room just conditionally limited;
• There are no cameras to supervision in corridors (it is impossible to define precisely, who and when came into the Server room);
• Between the server and Internet access there is no Firewall (risk of breaking from the outside);
• "Rules and security policies" aren't followed;
• There is no notification about responsibility for violation of the law concerning theft of information;
1Худайбергенов Тимур Артурович - ассистент кафедры «Информационные технологии», Ургенчский филиал Ташкентского университета информационных технологий, Узбекистан.
YneHbiH XXI BeKa • 2016 • № 3-2 (16)
• There is no antivirus software on the personal computer (anti-virus bases aren't updated, antiviruses use trial keys, or the antivirus is absent in general)
Network
Software security controls
Hardware security controls
Administrative rights Physical access Corporate Legislative
Pic. 1. Security Levels
Pic. 2. Existing Branch Network-Common project of the LAN
On the basis of the considered threats and methods of protection recommendations, which purpose - to reduce probability of the threats proceeding from internal violators are formulated:
Software security controls level
On the server Linux OS has to be established, it practically deny probability of infection of the server with malicious software.
Use obligatory a set of means of protection - antivirus software. It is better and more convenient, when all components from one producer. If it is expensive, it is possible will handle to open source software.
Hardware security controls level
To install the "intelligent" operated switchboards possessing expanded opportunities in respect of safety, for example the port-security function;
Between the Server and Internet access, existence of Firewall and Router with the adjusted ACL is obligatory
Administrative rights level
Responsibility and privileges have to be distributed so that not to assume individuals or group of the individuals who entered arrangement to illegal management of processes on a method of compound keys that can lead to serious damage and losses;
On the server and computers entering a network "Rules and security policies" have to be followed.
Physical access level
It is necessary to put cameras of video of supervision opposite to the Server room to ensure safety and to exclude unauthorized access.
Corporate level
MAC addresses of the computers that in this network have to be registered in settings of switchboards, that will exclude unauthorized connections of foreign devices
For reduction of risk of threat of deciphering of passwords it is recommended: to set the minimum length of the password and period of change of passwords;
To use enciphering of a network traffic on application or network level. Using of the IPSec protocol is recommended;
Important element of decrease in possible damage is procedure of regular backup of important information;
Strategy of safety of a corporate network, control, architecture, policy, standards, procedures and guidelines have to be defined and take root taking into account possibility of attacks of the clever, rational and irrational hacker which having intention to do much harm to organization;
All unoccupied slots (ports, sockets) of computers have to be disconnected on software level.
The Legislative level
It is necessary to organize a complex of internal normative documents on safety, and also to instruct the personnel.
As a result of implementation of the thesis on the example of the TUIT Urgench branch. - security policies of a local network was developed:
•First of all confidentiality of data was provided.
•Secondly security of that data weren't changed, changed or destroyed was provided.
•In the third availability of data was provided.
For achievement of the specified purposes a number of tasks was executed:
• The analysis of the existing model of a network TUIT UF was carried out;
• Possible sources of threats of objects of attack in a local network of were revealed;
• The main unsafe knots of a network were revealed;
• Offers on standards of a security system were made;
• The project of model of safety taking into account the found unsafe knots was prepared;
• The complex of actions for information security in a network was developed;
• The analysis of efficiency of realization of a security policy was carried out to networks of the enterprise.
Ученый XXI века • 2016 • № 3-2 (16)
References:
1. A. V. Sokolov, V. F. Shangin "Information security in the distributed corporate networks and systems", DMK the Press, 2002.
2. H. Osterlokh TCP/IP. "Family of protocols of data transmission in networks of computers" "Diasoftyup", 2002.
3. V. Zima, A. Moldovyan, N. Moldovyan "Security of global network technologies", BHV-St. Petersburg, 2002.
4. A.V. Lukatsky "Defining of attacks", BHV-St. Petersburg, 2003.
5. D. Medvedkovsky, B. V. Semyanov, D. G. Leonov, A. V. Lukatsky "Atack from Internet", 2002.
6. D. Sklyarov "Art of protection and hacking of information", BHV-St. Petersburg, 2004.
© T.A. Khudaybergenov, 2016
УДК 004.414.22
АДМИНИСТРИРОВАНИЕ КОМПЛЕКСНЫХ МЕТОДОВ БЕЗОПАСНОСТИ ЛОКАЛЬНЫХ СЕТЕЙ НА ПРИМЕРЕ УРГЕНЧЕСКОГО ФИЛИАЛА ТУИТ
Т.А. Худайбергенов
Аннотация: Данная статья посвящена анализу безопасности локальных вычислительных сетей. В ней описаны методы организации комплексной безопасности ЛВС Ургенческого филиала ТУИТ. В материале даны результаты анализа и предложения по организации безопасности в сети филиала.
Ключевые слова: сеть, ЛВС, безопасность, уровни, реализация
© Т.А. Худайбергенов, 2016
