RESEARCH OF INFORMATION SECURITY PROVISION METHODS IN A VIRTUAL ENVIRONMENT
DOI: https://doi.org/10.28925/2663-4023.2025.27.703
Keywords: information security; virtualized environments; network protection systems; intrusion detection; proxy server; security monitoring; infrastructure control; zero trust; micro-segmentation.
Abstract
Despite growing dependence on technology, most companies' IT assets remain vulnerable due to a combination of technical and organizational factors, such as outdated technologies, configuration errors and the human factor. These weaknesses become the main entry points for cyber threats, allowing attackers to gain unauthorized access to data, disrupt services or launch large-scale attacks. The lack of a systematic approach to security significantly increases the risk of losing critical information and of downtime. Analysis of existing threats, such as DDoS attacks, data leaks and hypervisor compromise, demonstrates the need for a comprehensive, multi-layered approach to protection. Firewalls, intrusion detection and prevention systems (IDS/IPS), SIEM solutions and monitoring platforms make it possible to control traffic effectively, detect anomalies and respond quickly to incidents. This article examines how to ensure information security in virtualized environments using network protection systems, intrusion detection, a proxy server, security monitoring and infrastructure control. Attention is also given to the vulnerabilities of information systems associated with outdated technologies, insufficient network segmentation and errors in the configuration of security solutions. The comprehensive application of modern security technologies and flexible architectural approaches forms a reliable basis for further improvement of information resource protection systems in virtualized environments. A multi-level protection architecture is proposed that integrates modern systems and is based on the concepts of Zero Trust, micro-segmentation and multi-level protection (Defense in Depth).
Testing of the developed system confirmed the effectiveness of the implemented security measures in detecting and preventing modern cyber threats, ensuring reliable protection of critical information resources in a dynamic environment.
License
Copyright (c) 2025 Ростислав Цехмейстер, Артем Платоненко, Максим Ворохоб, В’ячеслав Черевик

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.