Criterion of the network infrastructure security

The problem of assessing the security a network infrastructure is considered. aim work to formalize fast computable metric intended for use in optimization problems aimed at rebuilding according requirements. Three metrics with varying degrees detail are proposed achieve this goal. To do this, set essential features has been formed. level allows taking into account terminal access as well actual structure path from subject accessobject. base was compared previously published by other authors. It shown that sensitive changes parameters, and results its calculation consistent metrics. Using metric, segmentation method based on grouping subjects objects evaluated. can significantly increase combining similar groups even absence firewall rules. be used basis methods segmenting existing They not depend subjective assessment, also take presence known vulnerabilities closing which affect general, but does reflect interaction. most significant advantage considered much faster comparison analogues.