Methodology of network infrastructure analysis as part of migration to zero-trust architecture

Syrotynskyi, R. and Tyshyk, I. and Kochan, O. and Sokolov, Volodymyr and Skladannyi, Pavlo (2024) Methodology of network infrastructure analysis as part of migration to zero-trust architecture. Cyber Security and Data Protection 2024 (3800). pp. 97-105. ISSN 1613-0073

Official URL: https://ceur-ws.org/Vol-3800/

Abstract

The limitations of traditional security models are becoming increasingly apparent in the face of new cyber threats and the growing complexity of the network environment. Traditional security approaches, often based on perimeter defense, rely heavily on the assumption that threats originate outside the network and that internal entities can be trusted. This assumption is no longer valid, as modern threats frequently bypass perimeter defenses and exploit internal vulnerabilities. Moreover, the rise of remote work, cloud computing, and the proliferation of mobile devices have expanded the attack surface, making it difficult to ensure comprehensive protection with traditional models. To further enhance the security level of an enterprise’s network infrastructure, there is a need for a transition to a zero-trust (ZT) architecture, which requires a thorough methodological analysis of the existing network infrastructure and its information assets. Both the implementation of the fundamental principles of ZT and the effective iterative implementation of the new security model depend noticeably on the transparency of the network structure, the assets involved, and the overall implemented information security policy. This paper presents a comprehensive methodology for analyzing an enterprise’s network infrastructure, which is a critically important component in the process of implementing a ZT architecture. The structure of the stages for assessing the security model of the network infrastructure and the enterprise security model has been formed. Approaches and practices for implementing measures aimed at obtaining the necessary information are described, and key data for forming reports and documenting results are proposed. The proposed methodology includes detailed asset identification, mapping data flows, and application inventory, as well as a rigorous assessment of user access and behavior. By systematically evaluating each aspect of the network, organizations can identify vulnerabilities, develop a micro-segmentation strategy, enhance access controls, and align their security policies with ZT principles.

Item Type: Article
Keywords: zero-trust architecture; network assessment; NIST; access evaluation; network inventory; least access; data flow; user access; network host
Subjects: Articles in databases > Scopus
Divisions: Faculty of Information Technologies and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Павло Миколайович Складанний
Date Deposited: 19 Nov 2024 07:59
Last Modified: 19 Nov 2024 07:59
URI: https://elibrary.kubg.edu.ua/id/eprint/49910
