ORGANIZATIONAL STRUCTURE OF PROTECTION OF A DISTRIBUTED NETWORK OF THE ENTERPRISE BASED ON CISCO SECURITY GATEWAYS

Abstract

When building a corporate network of an organization, the task of uniting its segments that are spread over a long distance often arises. In this case, part of the traffic passes through an unsecured public network, which can cause the leakage of confidential information. To solve this problem, there are standard approaches, one of which is the use of firewalls with VPN technology. With their help, you can build secure communication channels, filter external traffic based on certain rules or templates, ensuring the required level of protection. In this work, it is proposed to use the Cisco ASA 5505 hardware inter-network screen, which can be used to implement a demilitarized zone for corporate servers and create a virtual private network. A description of the structure of the organization is given, which includes the main office with workplaces and a remote branch that is connected remotely via a global network. Hardware based on Cisco equipment was selected, a practical model of the organization's distributed network was created, access lists were configured, allowing to receive responses to requests to servers, and equipment was configured in the Cisco Packet Tracer environment. The proposed configuration of the network, which contains two firewalls, allows to ensure a high level of its security and provides an opportunity for employees of the organization to conduct work remotely, having a confidential access channel to the resources of the company's corporate network. The demilitarized zone is implemented by configuring the security levels on the ports of the ASA 5505 security gateway. The assigned numerical values determine the security level in different directions of traffic exchange. The results of this work can be practically useful to small companies or individual users who seek to increase the level of network security by using the Cisco ASA 5505 hardware firewall.