The article considers a comprehensive approach to the protection of information of a corporate multi-service communication network, which consists in the use of technical, hardware- program, and organizational-legal measures of protection. It was determined that the protection of information from unauthorized access and its leakage through technical channels is more effectively achieved by the use of technical means. In order to determine the direction of optimization of the corporate multi-service network protection complexes and general approaches to its implementation, a model of the communication network built according to the hierarchical principle is considered. The place of the corporate network in the communication network is determined. It is noted that a more rational approach to ensuring information protection should be considered the design stage, when it is possible to predict and implement a given level of protection. A general algorithm for designing a corporate network is proposed, which consists of the stages listed in the article. At the first stage, the selection and justification of the general topology of the protected corporate network adapted to the requirements of its users was carried out. The directions of the communication traffic between the sender and the recipient of information through the network are determined. Evaluation and calculation of information flows taking into account the scaling of the network, increasing the intensity and volume of traffic, the systematization of protection functions with the possibility of both generalization and localization of them are the subject of further research. When choosing the types of physical equipment for the provision and implementation of the specified classes and functions, protection is considered for three levels of the network: the hardware part of servers and workstations; communication equipment and communication channels; gateways, bridges and tunnels of the entire diameter of the network, including segments and domains. Identified directions for improving information protection at the hardware, channel, and network support levels. Based on the results of the research, it was concluded that the complexity of solutions to increase information protection is achieved in addition to the technical direction by hardware- software and organizational-legal ones.
Read full abstract