本文已被:浏览 1915次 下载 6157次
Received:April 29, 2010 Revised:May 30, 2010
Received:April 29, 2010 Revised:May 30, 2010
中文摘要: 终端准入控制根据预定安全策略,对接入网络的终端进行身份认证和安全性检查,确保可信、安全的终端访问网络,拒绝或限制不安全终端的接入,体现了终端安全与准入控制的结合,可以有效提高网络对安全威胁的主动防御能力。现行部署的解决方案在身份认证、安全状态检查中存在缺陷,容易受到中间人攻击、会话劫持攻击等,并且对虚拟化应用适应性不足。可考虑通过完善认证过程、改善交互机制等方法加以改进。
Abstract:Endpoint Admission Control technology takes authentication and security state checking on endpoints accessing to network on the basis of pre-determinate security policies. It makes sure that only the trustworthy and secure endpoints could access to networks while rejects or limits the accessing of insecure endpoints. It’s exemplification of the combination of Endpoint Security and Access Control, which can efficiently improve the active defense ability against security threaten of networks. However, the existing solution has shortages in authentication and security state checking that it could easily attacked by Man-in-the-Middle Attack and Session Hijack. What’s more, it also has limitation in Virtualization appliance as well. It’s considerable to consummate the mechanism of authentication and communication processes for improvement.
keywords: active defense endpoint security admission control network security endpoint admission defense 802.1x protocol
文章编号: 中图分类号: 文献标志码:
基金项目:
引用文本:
周超,周城,丁晨路.计算机网络终端准入控制技术.计算机系统应用,2011,20(1):89-94
ZHOU Chao,ZHOU Cheng,DING Chen-Lu.Technology of Endpoint Admission Control in Computer Networks.COMPUTER SYSTEMS APPLICATIONS,2011,20(1):89-94
周超,周城,丁晨路.计算机网络终端准入控制技术.计算机系统应用,2011,20(1):89-94
ZHOU Chao,ZHOU Cheng,DING Chen-Lu.Technology of Endpoint Admission Control in Computer Networks.COMPUTER SYSTEMS APPLICATIONS,2011,20(1):89-94
