The article presents a comprehensive study of modern approaches to designing network infrastructure with regard to cybersecurity requirements, with a focus on practical implementation using Cisco technologies. In the context of growing digital threats and the complexity of information systems, the integration of protection mechanisms at the early stages of design is of particular importance. The concepts of Security-by-Design, Zero Trust architecture, micro-segmentation, and the use of digital twins for simulation testing are considered. It is shown that the implementation of the principle ‘never trust, always verify’ allows localising security incidents, reducing the risks of horizontal spread of attacks, and ensuring constant access control. Considerable attention is paid to building a multi-level network architecture using VLANs, ACLs, WPA3, Port Security, and local authentication. In the Cisco Packet Tracer environment, a star-shaped network with nine logical segments serving up to 300 users with high requirements for bandwidth, connection stability, and data protection is modelled. Scenarios for filtering incoming traffic, protecting wireless access points, and organising backups with the protection of transmitted data via FTP with authentication are proposed. The results confirm the feasibility of applying an integrated approach that ensures compliance with current information security standards. Prospects for further research are related to the adaptation of the described methods for industries with increased cybersecurity requirements.
Abramov et al. (Fri,) studied this question.