Foydalanilgan adabiyotlar ro‘yhati
1.
ГОСТ Р 50922-2006. Защита информации. Основные термины и
определения [Текст]. 2006. 12 с.
2.
https://www.dissercat.com
International scientific conference "INFORMATION TECHNOLOGIES, NETWORKS AND
TELECOMMUNICATIONS" ITN&T-2022 Urgench, 2022y April 29-30
588
METHODOLOGY FOR BUILDING SECURE TELECOMMUNICATIONS
NETWORKS
Serjanova Dilbar
Assistant teacher at Tashkent University of Information Technologies,
Nukus branch
Annotation
This
article
describes
the
methodology
for
building
secure
telecommunications networks of their system and technical aspects, the full range
of solutions for designing and building a secure network, data network protection
objects, the implementation of information security measures for the data network.
Keywords:
network routing, maintenance system, continuity, complexity,
timeliness, scientific validity.
One of the emerging problems of information security is related to the fact
that the pace of development and implementation of new telecommunication
technologies and networks based on them is significantly ahead of the pace of
accumulation of knowledge and experience in the study and research of modern
data transmission technologies and the development of methods and measures to
ensure their information security.
The importance of the problem of ensuring information security is
confirmed by numerous specific facts of malicious information violations in the
field of communications and informatization.
The development of telecommunications networks, the increase in the
number of links with international information networks, including the Internet, the
growth in the bandwidth of telecommunications channels expands the number of
potential intruders who have the technical ability to carry out unauthorized access.
When building a secure network, take into account a number of interrelated
system-technical aspects:
-
structure (topology) of the network, technical means of the network
infrastructure (naming services, address configuration, network management and
monitoring), the structure of external links;
-
network routing;
-
requirements for reliability, performance;
-
the composition of protected resources, specific requirements for the
organization of protection (network security policy);
-
requirements for integration with key systems and additional means of
authentication, organization of management of means of protection, monitoring
and audit of network security;
-
requirements for harmonization of security policies for network protection,
intrusion detection tools, application protection[2].
The set of requirements for ensuring the information security of the data
networks should take into account the characteristics of other functional areas
related to ensuring the reliability and stability of the functioning of the data
International scientific conference "INFORMATION TECHNOLOGIES, NETWORKS AND
TELECOMMUNICATIONS" ITN&T-2022 Urgench, 2022y April 29-30
589
networks. The most important requirements that must be met by protection
mechanisms adopted to align with the data networks framework include the
following requirements:
a)
information security measures should be based on the principles of the
data networks functional model;
b)
information security measures should be consistent with the object-
oriented data and information model of the data networks;
c)
information security measures should be applicable to all types of data
networks information security objects;
d)
decisions on the introduction of backup communications and reserve
management should be consistent with the appropriate actions to ensure the
stability of the functioning of the data networks and restore the disrupted process
of its functioning.
At the last stage of operation, after the product has lost its consumer
qualities, the operation of its disposal is performed.
A full range of solutions for designing and building a secure network
includes:
-
collection of accurate initial data (an extremely important stage, since the
lack of initial data on a particular port or network connection can lead to a
compromise of the network as a whole);
-
development of a security policy (classification of resources and threats,
prioritization of information protection tasks);
-
designing a security system (including issues of building an infrastructure
or embedding it into an existing security infrastructure);
-
system integration, including stage-by-stage commissioning and transfer of
a working network to a secure operation mode, technical support, analysis of
security problems and consulting support for system reconfiguration[2].
According to modern concepts of information security management, the
formation of information security should be carried out at the design stage, laid
down during creation, provided and maintained during operation through
systematic control (at all stages) and targeted impact on the conditions and factors
affecting information security.
In this regard, a systematic approach is of great importance for solving the
problem of ensuring information security, which is the basis for creating a
systemic concept of information security management. The main goal of this
approach is to ensure the required level of security and maintain it throughout the
entire life cycle, based on the analysis of all stages of the creation of a data
networks in terms of their impact on information security, through the integrated
application of various measures, methods and means of ensuring information
security.
At the same time, all changes in the data networks, starting from the moment
of its creation (the emergence of the need for its creation) and ending with
complete disposal, form a life cycle.
International scientific conference "INFORMATION TECHNOLOGIES, NETWORKS AND
TELECOMMUNICATIONS" ITN&T-2022 Urgench, 2022y April 29-30
590
The construction of the Maintenance System and its functioning should be
carried out in accordance with the following basic principles: legitimacy,
consistency, complexity, continuity, timeliness, continuity and continuity of
improvement, reasonable sufficiency, flexibility of the protection system, openness
of algorithms and protection mechanisms, ease of use of protective equipment,
scientific validity and technical feasibility.
Legality involves the implementation of protective measures and the
development of the data network IS Maintenance System in accordance with the
current legislation in the field of information, informatization and information
protection, other regulatory acts on information security approved by state
authorities and administration within their competence, using all permitted
methods for detecting and suppressing offenses when working with information.
Consistency implies taking into account all interrelated, interacting and time-
changing elements, conditions and factors that are essential for understanding and
solving the problem of ensuring the information security of data network.
Complexity implies the coordinated use of heterogeneous tools in the
construction of an integral IS Maintenance System that covers all significant
(significant) channels for the implementation of threats and does not contain
weaknesses at the junctions of its individual components.
Continuity. Ensuring information security is not a one-time event and not a
simple set of measures taken and established means of protection, but a continuous
purposeful process that involves the adoption of appropriate measures at all stages
of the data network life cycle, starting from the earliest stages of design, and not
only at the stage of its operation.
Timeliness implies the proactive nature of measures to ensure information
security, that is, the setting of tasks for the integrated protection of the SAP and the
implementation of information security measures at the early stages of developing
the SAP in general and it’s IS Maintenance System in particular.
The development of IS Maintenance System should be carried out in
parallel with the development and development of the data network itself. This will
make it possible to take into account security requirements when designing the
architecture and, ultimately, to create a more efficient (both in terms of resource
costs and in terms of stability) secure data network.
Continuity and continuity of improvement imply continuous improvement of
measures and means of protection based on the continuity of organizational and
technical solutions, personnel, analysis of the functioning of the data network.
Reasonable sufficiency (economic feasibility, comparability of possible
damage and costs) implies that the level of costs for ensuring information security
is consistent with the value of information resources and the amount of possible
damage from their disclosure, loss, leakage, destruction and distortion.
Flexibility. The measures taken and the means of protection installed,
especially in the initial period of their operation, can provide both an excessive and
insufficient level of protection. In order to be able to vary the level of protection,
the protection means must have a certain flexibility[1].
International scientific conference "INFORMATION TECHNOLOGIES, NETWORKS AND
TELECOMMUNICATIONS" ITN&T-2022 Urgench, 2022y April 29-30
591
Openness of algorithms and protection mechanisms. The essence of this
principle is that protection should not be provided only at the expense of the
secrecy of the structural organization and the algorithms for the functioning of its
subsystems.
Ease of use of protective equipment. Protection mechanisms should be
intuitive and easy to use. The use of protection means should not be associated
with knowledge of special languages or with the performance of actions that
require significant additional labor costs during the normal work of users
registered in the established order, and should not require the user to perform
routine operations that are incomprehensible to him (entering several passwords
and names, etc.).
Scientific validity and technical feasibility. Information technologies,
hardware and software tools, scientifically substantiated in terms of achieving a
given level of information security, and must comply with established information
security standards and requirements.
Do'stlaringiz bilan baham: |