МОДЕЛЬ ЗАХИСТУ ЛОКАЛЬНОЇ МЕРЕЖІ НАВЧАЛЬНОГО ЗАКЛАДУ СЕРВЕРНОЇ СИСТЕМИ ВІРТУАЛІЗАЦІЇ

Valery  Lakhno; Kalaman  Yerbolat; Yagaliyeva Bagdat; Olena Kryvoruchko; Alona Desiatko; Svitlana Tsiutsiura; Mykola Tsiutsiura

doi:10.28925/2663-4023.2022.18.623

Authors

Valery Lakhno National University of Life and Environmental Sciences of Ukraine Kyiv https://orcid.org/0000-0001-9695-4543
Kalaman Yerbolat Satbayev University Almaty https://orcid.org/0000-0002-8607-737X
Yagaliyeva Bagdat Essenov University https://orcid.org/0000-0001-9695-4543
Olena Kryvoruchko National University of Trade and Economics https://orcid.org/0000-0002-7661-9227
Alona Desiatko Kyiv National University of Trade and Economics https://orcid.org/0000-0003-2860-2188
Svitlana Tsiutsiura Kyiv National University of Construction and Architecture https://orcid.org/0000-0002-4377-0916
Mykola Tsiutsiura Kyiv National University of Construction and Architecture,Kyiv https://orcid.org/0000-0003-1658-7822

DOI:

https://doi.org/10.28925/2663-4023.2022.18.623

Keywords:

distributed networks, educational institution, information security, virtualization, IDS, SIEM

Abstract

A new approach for the information security (IS) improvement of the educational institution's network has been proposed. The proposed approach is structured and systematic. It allows one to assess the security of the network of an educational institution (for example, a university) as a whole, as well as its subsystems and components that provide IS of an educational institution. Statistical, expert, heuristic and other indicators have been used to assess the degree of security. The proposed model allows one to describe the procedure for securing the IS network of the university. A balanced system of IS indicators has been proposed, which will allow the effectiveness evaluation of the university's network protection. Also as part of the research, a model of a secure network of an educational institution has been built, where network devices were emulated in a virtual machine (VM) with the EVE-NG application installed. Other network resources have been reproduced with the server virtualization system Proxmox VE. The IPS Suricata threat detection system, the Splunk platform, and the Pi-Hole DNS filter have been deployed on PVE-managed hosts.

Downloads

Download data is not yet available.

References

Wijayanto, H., Prabowo, I. A. (2020). Cybersecurity Vulnerability Behavior Scale in College During the Covid-19 Pandemic. Jurnal Sisfokom (Sistem Informasi dan Komputer), 9(3), 395-399.

Ulven, J.B.; Wangen, G. A Systematic Review of Cybersecurity Risks in Higher Education. Future Internet 2021, 13, 39. https://doi.org/10.3390/fi13020039

Agrafiotis, I., Nurse, J. R., Goldsmith, M., Creese, S., Upton, D. (2018). A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity, 4(1), tyy006.

Oreyomi, M., Jahankhani, H. (2022). Challenges and Opportunities of Autonomous Cyber Defence (ACyD) Against Cyber Attacks. Blockchain and Other Emerging Technologies for Digital Business Strategies, 239-269.

Watney, M. (2022). Cybersecurity Threats to and Cyberattacks on Critical Infrastructure: a Legal Perspective. European Conference on Cyber Warfare and Security, 21(1), 319–327. https://doi.org/10.34190/eccws.21.1.196

Laghari, S. U. A., Manickam, S., Al-Ani, A. K., Rehman, S. U., Karuppayah, S. (2021). SECS/GEMsec: A Mechanism for Detection and Prevention of Cyber-Attacks on SECS/GEM Communications in Industry 4.0 Landscape. IEEE Access, 9, 154380-154394.

Desolda, G., Ferro, L. S., Marrella, A., Catarci, T., Costabile, M. F. (2021). Human factors in phishing attacks: a systematic literature review. ACM Computing Surveys (CSUR), 54(8).

Zahra, S. R., Chishti, M. A., Baba, A. I., Wu, F. (2022). Detecting Covid-19 chaos driven phishing/malicious URL attacks by a fuzzy logic and data mining based intelligence system. Egyptian Informatics Journal, 23(2), 197-214.

Top 10 cyber risks for business URL: https://10guards.com/en/articles/2022-top-10-cyber-risks-for-business/ (date of access: 13.08.2022).

Alkhadra, R., Abuzaid, J., AlShammari, M., Mohammad, N. (2021, July). Solar winds hack: In-depth analysis and countermeasures. In 2021 12th International Conference on Computing Communication and Networking Technologies (ICCCNT) (pp. 1-7). IEEE.

Sheehan, B., Murphy, F., Kia, A. N., Kiely, R. (2021). A quantitative bow-tie cyber risk classification and assessment framework. Journal of Risk Research, 24(12), 1619-1638.

Merchan-Lima, J., Astudillo-Salinas, F., Tello-Oquendo, L., Sanchez, F., Lopez-Fonseca, G., Quiroz, D. (2021). Information security management frameworks and 1 institutions: a systematic review. Annals of Telecommunications, 76(3), 255-270.

Alexei, L. A., Alexei, A. (2021). Cyber security threat analysis in higher education institutions as a result of distance learning. International Journal of Scientific and Technology Research, (3), 128-133.

Landoll, D. (2021). The security risk assessment handbook: A complete guide for performing security risk assessments. CRC Press.

Leszczyna, R. (2021). Review of cybersecurity assessment methods: Applicability perspective. Computers & Security, 108, 102376.

Ferrari, R. M., Teixeira, A. M. (2021). Detection of Cyber-Attacks: A Multiplicative Watermarking Scheme. In Safety, Security and Privacy for Cyber-Physical Systems (pp. 173-201). Springer, Cham.

Naurazova, E. A., SHamilev, S. R. (2016). Model informacionnoj bezopasnosti v raspredelennyh setyah. Ekonomika. Biznes. Informatika, 2(4), 27-37.

What switches are best for school districts URL: https://info.hummingbirdnetworks.com/blog/bid/315722/what-switches-are-best-for-school-districts (date of access: 26.08.2022).

Moraliyage, H., Sumanasena, V., De Silva, D., Nawaratne, R., Sun, L., Alahakoon, D. (2022). Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence using Explainable Deep Learning. IEEE Access.

What is a UPS and How Does it Protect Your Network? https://ltnow.com/blog/ups-protect-network/ (date of access: 25.08.2022).

Suricata: home URL: https://suricata.io/ (date of access: 03.10.2022).

SPLUNK короткий посібник https://coderlessons.com/tutorials/bolshie-dannye-i-analitika/vyuchit-splunk/splunk-kratkoe-rukovodstvo (date of access: 20.10.2022).

Lakhno, V., Akhmetov, B., Smirnov, O., Chubaievskyi, V., Khorolska, K., Bebeshko, B. (2023). Selection of a Rational Composition of İnformation Protection Means Using a Genetic Algorithm. Lecture Notes on Data Engineering and Communications Technologies, 131, 21-34.

Lakhno, V., Kasatkin, D., Desiatko, A., Chubaievskyi, V., Tsuitsuira, S., Tsuitsuira, M. (2023). Indicators Systematization of Unauthorized Access to Corporate Information. Lecture Notes on Data Engineering and Communications Technologies, 131, 569-580.

Lakhno, V., Akhmetov, B., Mohylnyi, H., Blozva, A., Chubaievskyi, V., Kryvoruchko, O., Desiatko, A. (2022). Multi-criterial optimization composition of cyber security circuits based on genetic algorithm. Journal of Theoretical and Applied Information Technology, 100(7), 1996-2006.

Lakhno, V., Blozva, A., Kasatkin, D., Chubaievskyi, V., Shestak, Y., Tyshchenko, D., Brzhanov, R. (2022). Experimental studies of the features of using waf to protect internal services in the zero trust structure. Journal of Theoretical and Applied Information Technology, 100(3), 705-721.

Nashynets-Naumova А. Yu., Buriachok V. L., Korshun N. V., Zhyltsov О. B., Skladannyi P. М., Kuzmenko L. V. (2020). Technology for information and cyber security in higher education institutions of Ukraine. Information Technologies and Learning Tools, 77(3), 337–354. https://doi.org/10.33407/itlt.v77i3.3424

Buriachok, V. L., Bogush V. М., Borsukovskii, Y. V., Skladannyi, P. M., Borsukovska, V. Y. (2018). Training model for professionals in the field of information and cyber security in the higher educational institutions of Ukraine. Information Technologies and Learning Tools, 67(5), 277–291. https://doi.org/10.33407/itlt.v67i5.2347

Buriachok, V., Shevchenko, S., ZhdanovаY., Skladannyi, P. (2021). Interdisciplinary approach to the development of is risk management skills on the basis of decision-making theory. Cybersecurity: Education, Science, Technique, 3(11), 155-165. https://doi.org/10.28925/2663-4023.2021.11.155165.

Buriachok, V., Korshun, N., Shevchenko, S., Skladannyi, P. (2020). Application of ni multisim environment in the practical skills building for students of 125 CYBERSECURITY SPECIALTY. Cybersecurity: Education, Science, Technique, 1(9), 159-169. https://doi.org/10.28925/2663-4023.2020.9.159169

Buriachok, V. L., Shevchenko, S. M., Skladannyi, P. M. (2018). Virtual Laboratory for Modeling of Processes in Informational and Cyber Securities as a form of Forming Practical Skills of Students. Cybersecurity: Education, Science, Technique, 2(2), 98-104. https://doi.org/10.28925/2663-4023.2018.2.98104.

Shevchenko, S., Zhdanovа, Y., Spasiteleva, S., Skladannyi, P. (2020). Conducting a swot-analysis of information risk assessment as a means of formation of practical skills of students specialty 125 CYBERSECURITY. Cybersecurity: Education, Science, Technique, 2(10), 158–168. https://doi.org/10.28925/2663-4023.2020.10.158168.

THE MODEL OF SERVER VIRTUALIZATION SYSTEM PROTECTION IN THE EDUCATIONAL INSTITUTION LOCAL NETWORK

Authors

DOI:

Keywords:

Abstract

Downloads

References

Downloads

Published

How to Cite

Issue

Section

License

Most read articles by the same author(s)

index

Language

Make a Submission

counter

Information

Developed By

Current Issue