Ensuring Secure Data Exchange in Software-defined Local Network

Abstract

Introduction. Protecting outer perimeter is not enough to ensure secure data communication in the information system of local area network. Analytical reports of leading information security companies confirm this fact. Usually, an attacker having overcome the outer perimeter conducts network reconnaissance before carrying out an attack. The success of a network attack depends on the completeness of the information collected. The constantly changing network topology does not provide an attacker with long-term network topology information, as a result, the attacker is forced to collect information more intensively thereby identifying himself. Otherwise, the effectiveness of the planned attack is reduced. The aim of this research is to increase the intra-network data transfer security level by means of network topology dynamic reconfiguration. The authors proposed a new solution for ensuring secure node interaction countering both internal and external attackers having overcome an outer perimeter.Materials and methods. The proposed solution is based on a software-defined network and VxLAN technology. The solution involves constant network reconfiguration both with a certain frequency and on the occurrence of certain events, so that an attacker could not have long-term information. If an intruder is detected or an information security incident occurs, the network is automatically reconfigured in such a way as to lessen or prevent possible consequences.Results. The obtained results show that periodic network changes do not allow an attacker to covertly collect complete information about the network, and the proposed solution may allow to detect and isolate the attacker.Discussion and conclusion. The obtained results show that it is possible to apply the proposed solution for organizing secure data communication within the local computer network of the information system.