نام پژوهشگر: محمد امیر ثابت حاجیونی
محمد امیر ثابت حاجیونی عباس آسوشه
abstract: country’s fiber optic network, as one of the most important communication infrastructures, is of high importance; therefore, ensuring security of the network and its data is essential. no remarkable research has been done on assessing security of the country’s fiber optic network. besides, according to an official statistics released by ertebatat zirsakht company, unwanted disconnection in the fiber optic line and the subsequent disruptions in domestic and international communication has inflicted harsh economical, social, political and security damages to the country so far. in this research, using a method which is based on a principled way and according to valid security assessment standards, we have tried to assess the existing networks in terms of security assessment and extract their weaknesses and vulnerabilities. according to the data acquired from the previous stage; the risks applicable to the key parameters of the network will be quantitatively analyzed and then the existing and desired security status will be shown graphically. tools available in this methodology have been used as the main tools for quantitative assessment of the risks in the country’s fiber optic network. method used in this methodology is based on valid security standards such as iso27001 and bs7799. for the process of security risks analysis, excel-based risk analysis tools based on infotech methodology have been designed. the country’s fiber optic network security risk was assessed and analyzed by such tools. key parameters of fiber optic network are classified into 6 categories including: network management, identification and authentication, access control, accuracy of the message and history, network hardware and routers, switches and hubs. lynn,s.(2009) the result of assessment is acquired as the following: very weak management network 11.0%, poor identification and authentication20.0%, insufficient access control 25.0%, accuracy of the data message as very weak 10.0%, network hardware 15.0% and hubs, routers and switches 35.0% . based on the percentage specified for each of six categories, business risk quotient, according to the following formula is calculated: brq= effect of business+(vulnerability*probability)/2 and then network brq for each of them is extracted as the following: network management 1.1, identification & authentication 1.3, access control 1.5, data accuracy 1.2, network hardware 1.3 and hubs, routers and switches results 1.6 ,which indicates the existing security status of the fiber optic; therefore, the network has many weak points as well as security risks. in case such problems do not get resolved, they can inflict irreparable damages to communication systems and the equipments using such infrastructure. in fact, designers of fiber optic network in the country have not taken into consideration the security factors during the design and implementation of fiber optic network. key words: assessment, vulnerability, risk, security, fiber optic network