The Fault-Tolerant Structure of Multilevel Secure Access to the Resources of the Public Network

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 678)

Abstract

The paper evaluates the effectiveness of the structural organization of a system of multi-level secure access to external network resources. We conducted a comparative analysis and optimization of the ‘Direct connection’ access pattern, in its various forms of implementation, for organizing a secure connection of an end node of the internal network to resources located in the external network. The study assumes that each security element included in the secure access pattern is able to detect and eliminate the threats of the other elements of the protection system. In its general form, the ‘Direct connection’ access pattern has four construction variants, which differ in the mutual arrangement of the key elements: a packet-filtering firewall, a firewall with adaptive detailed packet inspection, and the router. A mathematical model was built to calculate the reliability of each way of constructing the access pattern. It is shown that the most reliable construction is the one that includes a single group of routers for the entire system. The constructions that include two groups of routers for the overall system differ little from one another in reliability.

Keywords

Firewalls; Corporate networks; Information security; Fault tolerance; Access pattern; Reliability; Networking

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. Department of Computation Technologies, ITMO University, St. Petersburg, Russia
