SCALABLE ARCHITECTURE OF NETWORK SECURITY SYSTEMS

As a rule, certified means of ensuring network security are highly specialized complexes with a constant hardware and software platform. The main disadvantage of this architecture is the impossibility of transparent scaling of devices when the computing power of the network increases. In addition, t...


Bibliographic Details
Main Authors: Oleg Yu. Guzev, Ivan V. Chizhov
Format: Article
Language: Russian
Published: The Fund for Promotion of Internet media, IT education, human development «League Internet Media» 2019-04-01
Series: Современные информационные технологии и IT-образование
Subjects:
SDN
NFV
Online Access: http://sitito.cs.msu.ru/index.php/SITITO/article/view/495
id doaj-602e7276cddb4318a6cfccc303db655f
record_format Article
spelling doaj-602e7276cddb4318a6cfccc303db655f; 2020-12-02T11:11:16Z; rus; The Fund for Promotion of Internet media, IT education, human development «League Internet Media»; Современные информационные технологии и IT-образование; 2411-1473; 2019-04-01; 15; 1; 154; 163; 10.25559/SITITO.15.201901.154-163; SCALABLE ARCHITECTURE OF NETWORK SECURITY SYSTEMS; Oleg Yu. Guzev 0; Ivan V. Chizhov 1; JSC “InfoTeCS” (Russia); Lomonosov Moscow State University; Federal Research Center «Computer Science and Control» of Russian Academy of Sciences (Russia)
As a rule, certified means of ensuring network security are highly specialized complexes with a constant hardware and software platform. The main disadvantage of this architecture is the impossibility of transparent scaling of devices when the computing power of the network increases. In addition, the development and support of such a complex is complicated, as the hardware platform quickly becomes obsolete, which results in the necessity for replacing it, which means that the software components for the support of new equipment need to be improved. The paper describes the scalable architecture of network security systems, allowing manufacturers to simplify the process of updating and developing information security tools. The main feature of the new architecture is the focus on the provision of a set of specialized micro-services. It is based on the principles of virtualization of network functions and it uses the concept of a unified trusted software and hardware platform. Each network function runs on a hardware and software platform running by the hypervisor operating system. It is clear that in the case of certification for the security requirements of the final products, it is necessary to ensure confidence in the hardware platform, operating system and hypervisor. However, the architecture requires unification of the software and hardware platform for all network functions. This makes it easier for developers to support end-products. Thanks to a single trusted platform, the architecture allows simplifying certification procedures for information security requirements in the process of supporting and developing the final product. Load balancing and architecture consistency are provided by means of implementing the technology of decentralized distributed registries (blockchain).
http://sitito.cs.msu.ru/index.php/SITITO/article/view/495
network functions virtualization; software-configured network; load balancing; information security; certification; SDN; NFV; OpenFlow; blockchain; information security
collection DOAJ
language Russian
format Article
sources DOAJ
issn 2411-1473
publishDate 2019-04-01