Management of computer networks and their access security through software-defined networking
Author
Misiņa, Alise
Co-author
Latvijas Universitāte. Eksakto zinātņu un tehnoloģiju fakultāte
Advisor
Trukšāns, Leo
Date
2025
Abstract
Every network administrator has to know how to ensure network security. Security best practices are applied to give a baseline to follow, but they are not always fully implemented because network administrators prioritize, for example, network availability. To address this, John Kindervag introduced the concept of Zero Trust in 2010. Its main idea is never to trust any device and always to verify it. The network model is developed in a Cisco Packet Tracer simulated environment. In this work, the author's goal was to create a centrally managed network model that denies access to unauthenticated users and prevents unauthorized actions. The goal was partially met because of the limitations of the working environment. However, the author succeeded in implementing the topology itself, the software-defined networking controller, and the automation of the application programming interface, which is also the closest to an implementation of SDN. The author's work sought to introduce the basic Zero Trust principle, "never trust, always verify."

Keywords: Zero Trust Architecture, Cisco Packet Tracer, Software-defined network, application programming interface automatization