DESIGNING NETWORK INFRASTRUCTURE WITH CYBERSECURITY REQUIREMENTS IN MIND: APPROACHES AND IMPLEMENTATION BASED ON CISCO
DOI:
https://doi.org/10.28925/2663-4023.2025.29.845Keywords:
network infrastructure, cybersecurity, network design, Cisco, information securityAbstract
The article presents a comprehensive study of modern approaches to designing network infrastructure with regard to cybersecurity requirements, with a focus on practical implementation using Cisco technologies. In the context of growing digital threats and the complexity of information systems, the integration of protection mechanisms at the early stages of design is of particular importance. The concepts of Security-by-Design, Zero Trust architecture, micro-segmentation, and the use of digital twins for simulation testing are considered. It is shown that the implementation of the principle ‘never trust, always verify’ allows localising security incidents, reducing the risks of horizontal spread of attacks, and ensuring constant access control. Considerable attention is paid to building a multi-level network architecture using VLANs, ACLs, WPA3, Port Security, and local authentication. In the Cisco Packet Tracer environment, a star-shaped network with nine logical segments serving up to 300 users with high requirements for bandwidth, connection stability, and data protection is modelled. Scenarios for filtering incoming traffic, protecting wireless access points, and organising backups with the protection of transmitted data via FTP with authentication are proposed. The results confirm the feasibility of applying an integrated approach that ensures compliance with current information security standards. Prospects for further research are related to the adaptation of the described methods for industries with increased cybersecurity requirements.
Downloads
References
Cisco. (2025, June). Cisco unveils secure network architecture to accelerate workplace AI transformation. https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2025/m06/cisco-unveils-secure-network-architecture-to-accelerate
Syrovatchenko, М. (2024). Legal aspects of cybersecurity in ukraine: current challenges and the role of national legislation. Bulletin of Lviv Polytechnic National University. Series: Legal Sciences, 1(41), 314–320. https://science.lpnu.ua/sites/default/files/journal-paper/2024/may/34615/sirovatchenko41.pdf
Smith, B. (2022). Defending Ukraine: Early lessons from the cyber war. Microsoft Security. https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/defending-ukraine-early-lessons-from-the-cyber-war
Microsoft. (2022). The hybrid war in Ukraine. Microsoft . https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
Bellamkonda, S. (2023). Cybersecurity and network engineering: Bridging the gap for optimal protection. International Journal of Innovative Research in Science, Engineering and Technology. https://doi.org/10.15680/ijirset.2023.1204007
Granata, D., & Rak, M. (2023). Systematic analysis of automated threat modelling techniques: Comparison of open-source tools. Software Quality Journal, 32, 125–161. https://doi.org/10.1007/s11219-023-09634-4
Diamantopoulou, V., & Mouratidis, H. (2018). A security analysis method for industrial internet of things. IEEE Transactions on Industrial Informatics, 14, 4093–4100. https://doi.org/10.1109/TII.2018.2832853
Colajanni, M., Zanasi, C., & Russo, S. (2024). Flexible zero trust architecture for the cybersecurity of industrial IoT infrastructures. Ad Hoc Networks, 156, 103414. https://doi.org/10.1016/j.adhoc.2024.103414
Gehrmann, C., & Gunnarsson, M. (2020). A digital twin based industrial automation and control system security architecture. IEEE Transactions on Industrial Informatics, 16, 669–680. https://doi.org/10.1109/TII.2019.2938885
Masi, M., Aranha, H., Sellitto, G., & Pavleska, T. (2023). Securing critical infrastructures with a cybersecurity digital twin. Software and Systems Modeling, 22, 689–707. https://doi.org/10.1007/s10270-022-01075-0
Li, L., Gao, S., Zhang, W., Wu, J., Liu, Y., Xia, Y., & Zhang, H. (2024). Toward autonomous trusted networks – From digital twin perspective. IEEE Network, 38, 84–91. https://doi.org/10.1109/MNET.2024.3353180
Bravo-Haro, M., Broo, D., & Schooling, J. (2022). Design and implementation of a smart infrastructure digital twin. Automation in Construction. https://doi.org/10.1016/j.autcon.2022.104171
Chen, L., Ni, Y., Huang, D., He, Y., & X., Y. (2022). A survey on zero trust architecture: Challenges and future trends. Wireless Communications and Mobile Computing. https://doi.org/10.1155/2022/6476274
Liu, J., Liu, G., Meng, L., Wang, Q., & Kang, H. (2023). Theory and application of zero trust security: A brief survey. Entropy, 25. https://doi.org/10.3390/e25121595
Sarkar, S., Choudhary, G., Hussain, A., Kim, H., & Shandilya, S. (2022). Security of zero trust networks in cloud computing: A comparative review. Sustainability, 14(18), 11213. https://doi.org/10.3390/su141811213
Syed, N., Anwar, A., Shah, S., Doss, R., Shaghaghi, A., & Baig, Z. (2022). Zero trust architecture (ZTA): A comprehensive survey. IEEE Access, 10, 57143–57179. https://doi.org/10.1109/ACCESS.2022.3174679
Hewage, C., Rawindaran, N., Prakash, E., & Jayal, A. (2021). Cost benefits of using machine learning features in NIDS for cyber security in UK small medium enterprises (SME). Future Internet, 13, 186. https://doi.org/10.3390/fi13080186
Feng, D. (2024). The basics of creating secure data architectures for financial organizations. The American Journal of Engineering and Technology. https://doi.org/10.37547/tajet/volume06issue12-13
Aladwan, M., Alawadi, S., Awaysheh, F., Cabaleiro, J., Alazab, M., & Pena, T. (2021). Security by design for big data frameworks over cloud computing. IEEE Transactions on Engineering Management, PP, 1–18. https://doi.org/10.1109/TEM.2020.3045661
Cisco. (n.d.). What is network segmentation? https://www.cisco.com/site/us/en/learn/topics/security/what-is-network-segmentation.html
National Institute of Standards and Technology. (n.d.). Defense in depth. https://csrc.nist.gov/glossary/term/defense_in_depth
Verkhovna Rada of Ukraine. (2010). Zakon Ukrainy "Pro zakhyst personalʹnykh danykh" № 2297-VI vid 01.06.2010 [Law of Ukraine "On personal data protection" No. 2297-VI dated 01.06.2010]. https://zakon.rada.gov.ua/laws/show/2297-17#Text
Kostiuk, Yu. V., Skladannyi, P. M., Bebeshko, B. T., Khorolska, K. V., Rzaieva, S. L., & Vorokhob, M. V. (2025). Information and communication systems security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Kostiuk, Yu. V., Skladannyi, P. M., Hulak, H. M., Bebeshko, B. T., Khorolska, K. V., & Rzaieva, S. L. (2025). Information security systems. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Hulak, H. M., Zhyltsov, O. B., Kyrychok, R. V., Korshun, N. V., & Skladannyi, P. M. (2023). Enterprise information and cyber security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Abramov, V., Astafieva, M., Boiko, M., Bodnenko, D., Bushma, A., Vember, V., Hlushak, O., Zhyltsov, O., Ilich, L., Kobets, N., Kovaliuk, T., Kuchakovska, H., Lytvyn, O., Lytvyn, P., Mashkina, I., Morze, N., Nosenko, T., Proshkin, V., Radchenko, S., … Yaskevych, V. (2021). Theoretical and practical aspects of the use of mathematical methods and information technology in education and science. https://doi.org/10.28925/9720213284km
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Вадим Абрамов, Оксана Глушак, Ангеліна Плоха
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
