Methodology of Network Infrastructure Analysis as Part of Migration to Zero-Trust Architecture

Conference Paper

Roman Syrotynskyi, Ivan Tyshyk, Orest Kochan, Volodymyr Sokolov, Pavlo Skladannyi

Abstract

The limitations of traditional security models are becoming increasingly apparent in the face of new cyber threats and the growing complexity of the network environment. Traditional security approaches, often based on perimeter defense, rely heavily on the assumption that threats originate outside the network and that internal entities can be trusted. This assumption is no longer valid, as modern threats frequently bypass perimeter defenses and exploit internal vulnerabilities. Moreover, the rise of remote work, cloud computing, and the proliferation of mobile devices have expanded the attack surface, making it difficult to ensure comprehensive protection with traditional models. To further enhance the security level of an enterprise's network infrastructure, there is a need for a transition to a zero-trust (ZT) architecture, which requires a thorough methodological analysis of the existing network infrastructure and its information assets. Both the implementation of the fundamental principles of ZT and the effective iterative rollout of the new security model depend noticeably on the transparency of the network structure, the assets involved, and the overall implemented information security policy. This paper presents a comprehensive methodology for analyzing an enterprise's network infrastructure, which is a critically important component in the process of implementing a ZT architecture. The structure of the stages for assessing the security model of the network infrastructure and the enterprise security model has been formed. Approaches and practices for implementing measures aimed at obtaining the necessary information are described, and key data for forming reports and documenting results are proposed. The proposed methodology includes detailed asset identification, mapping data flows, and application inventory, as well as a rigorous assessment of user access and behavior. By systematically evaluating each aspect of the network, organizations can identify vulnerabilities, develop a micro-segmentation strategy, enhance access controls, and align their security policies with ZT principles.

Keywords

access evaluation; data flow; least access; network assessment; network host; network inventory; NIST; user access; zero-trust architecture

SciVal Topics

Big Data; Denial of Service Attack; Network Security


Publisher

2024 Cyber Security and Data Protection (CSDP)

30 June 2024 Lviv, Ukraine

First Online: 24 October 2024


Cite

APA

Syrotynskyi, R., Tyshyk, I., Kochan, O., Sokolov, V., & Skladannyi, P. (2024). Methodology of Network Infrastructure Analysis as Part of Migration to Zero-Trust Architecture. In Cyber Security and Data Protection (Vol. 3800, pp. 97–105).

IEEE

R. Syrotynskyi, I. Tyshyk, O. Kochan, V. Sokolov, and P. Skladannyi, “Methodology of Network Infrastructure Analysis as Part of Migration to Zero-Trust Architecture,” Cyber Security and Data Protection, vol. 3800, pp. 97–105, 2024.

CEUR-WS

R. Syrotynskyi, et al., Methodology of Network Infrastructure Analysis as Part of Migration to Zero-Trust Architecture, in: Cyber Security and Data Protection, vol. 3800 (2024) 97–105.
