Journal: Volume 28, No. 3, 2023
Pages: 5 – 15
DOI: https://doi.org/10.24025/2306-4412.3.2023.284551

Organizational structure of technical protection of information at the network level using VPN technology

Oleksandr Havrysh, Yurii Obruch, Anatolii Chepynoga, Artem Honcharov, Olena Panasko
Received 29.06.2023
Revised 15.08.2023
Accepted 18.09.2023

Abstract

Recently, connecting employees remotely to the company’s internal network through public resources has become widespread among small and medium-sized companies. In this case, the issue of information protection has become acute, since a certain share of information may circulate through an unprotected network. Currently, VPN technology, which offers many options for implementing networks for different purposes, is widely used. Among the variety of implementations, this research has chosen the construction of a VPN network based on Cisco equipment as its object. This approach has been chosen because of the prevalence and availability of the equipment, and the availability of a simulator to design, set up and test the network. The organization structure, in which employees can work both inside and outside the corporate network, has been described. At the same time, each employee is supposed to have equal opportunities to connect to servers securely and work with data related to the organization’s activities. Accordingly, for employees who work remotely, the issue of information security is especially acute. Therefore, the authors propose a network model that consists of three zones: the main office, the remote worker’s workplace, and a segment with servers located in the demilitarized zone (DMZ). The demilitarized zone provides an additional level of security for the local network, which minimizes damage in the event of an attack on one of the publicly available services: an external attacker has direct access only to the equipment in the DMZ. VPN technology is used as a means of protecting the connection of employees to servers with the organization’s data. The network hardware has been selected. The Cisco 2811 router, which is used to cover the needs of small organizations (up to 36 workplaces), is chosen to combine all segments into one network.
Practical implementation of the VPN technology settings in the presented distributed network of the organization has been conducted. The computer network is simulated in the Cisco Packet Tracer environment. As a result of fulfilling the assigned tasks, security policies have been implemented in the network based on the use of Cisco VPN technology. This tool makes it possible to organize a secure VPN channel for connections from within the organization’s network, which, in turn, allows a remote employee to access the organization’s servers and data. The results of this work can be used by companies or individual users who plan to integrate a VPN architecture based on Cisco equipment into their network infrastructure.

Suggested citation

Havrysh, O., Obruch, Y., Chepynoga, A., Honcharov, A., & Panasko, O. (2023). Organizational structure of technical protection of information at the network level using VPN technology. Bulletin of Cherkasy State Technological University, 28(3), 5-15. https://doi.org/10.24025/2306-4412.3.2023.284551