Architecture for ensuring the security of modern IT infrastructure of the enterprise
DOI:
https://doi.org/10.20535/2411-1031.2021.9.1.249831
Keywords:
data center, security systems architecture, availability, digital data protection and management
Abstract
The methodological foundations for designing the security architecture of an enterprise IT infrastructure are considered. The security system architecture provides the necessary level of protection for IT assets by describing approaches to organizing and formulating requirements for personnel, processes and technologies. The task of IT security is to protect valuable information and keep it available to authorized users.

The security architecture includes three components: the risk management process; network zoning; echelon protection. The first component is based on the discipline of risk management. The process consists of four successive steps: identification and valuation of IT assets; identification of security risks; security risk analysis; reduction of security risks. The second component is echelon protection: countermeasures are assumed to be created at five levels of the IT infrastructure: physical access; networks; nodes; data; applications. The third component is network zoning. The IT infrastructure is logically divided into zones with different components and protection requirements: the private zone contains assets that are fully controlled; the public zone contains assets with which external customers interact.

The IT infrastructure security architecture defines the fundamental principles for building IT services and their relationships. Security services consist of perimeter security services and certificate management services. The perimeter security service monitors the flow of network traffic between two network segments and provides: protection of internal servers from network attacks; implementation of network zoning, access policies and network use; traffic monitoring and detection of malfunctions. The certificate management service is responsible for managing the lifecycle of security certificates used in cryptographic information security and digital signature systems. The certificate service, in particular, supports: digital signatures; smart cards for user authentication; secure mail; software authorization; the IPSec protocol; an encrypted file system; the SSL and TLS protocols at the enterprise. When developing an IT infrastructure security architecture, we highlight the following quality assessment criteria: the relationship between architectures, manageability, performance, consolidation, interoperability, and standardization.
License
Copyright (c) 2021 Information Technology and Security
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors published in this collection agree to the following terms:
- The authors retain the right to authorship of their work and grant the collection the right of first publication of this work, which is licensed under the Creative Commons Attribution License; the license allows others to freely distribute the published work with obligatory reference to the authors of the original work and to the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institutional digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The policy of the journal allows and encourages authors to place the manuscript of their work on the Internet (for example, in repositories or on personal web sites), both prior to submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see The Effect of Open Access).