Vulnerability assessment of data transmission protocols in information systems

Abstract

During the period of rapid digitalization of society, modern technologies have become firmly established in many areas of the economy. Modern enterprises do not conduct business activity without modern means of digital communications, which allow the exchange of information both between the objects of the enterprise and the transmission of data to users outside the external perimeter of the enterprise network. The enterprise infrastructure may have information vulnerabilities that attackers use to intercept data, attack enterprise systems, or to attack the devices of system users. Such attacks can lead to hardware failures, service failures, software errors, data loss, etc. According to statistics from Positive Technologies in 2021, 33 % of Russian companies were exposed to cyberattacks using the vulnerability of the company's data transmission protocols, and 55 % of major global companies have serious vulnerabilities in the perimeter of the system. This article discusses the most common data transmission protocols that are used in automated process control systems. Types of vulnerabilities of protocols of various levels of the OSI model are given. The mechanisms of vulnerability implementation and methods of analyzing enterprise network traffic are considered. The statistics of impacts on data transmission protocols in various industries of their use, as well as statistics on violations of information security regulations in companies are provided. The article is based on the task of determining the signs of impacts and assessing the security of protocols in order to further develop solutions for measures to counteract the impact on the system of companies.