Title: | 一個建立在區域網路第二層通訊協定的認證機制 (An Authentication Mechanism Based on the Layer 2 Protocol of Local Area Network) |
Authors: | 郭彥宏 (KUO, Yen-Hung); 羅濟群 (LO, Chi-Chun); Graduate Program of Information Management, College of Management |
Keywords: | Network Access Protection; Network Access Control; IEEE 802.1X; Active Directory; NAP; SNMP; Dynamic VLAN; NAC |
Date of issue: | 2017 |
Abstract: | (Translated from the Chinese abstract) Computer-integrated manufacturing is widely used in industry, which has made enterprises aware of the information-security risk of confidential data leaking because of inadequate network access control. The quickest remedy is usually to budget directly for a commercial network access control product, but deploying such products typically requires additional servers and an agent on every client; besides being time-consuming and labour-intensive, the high product cost is not something every enterprise can afford. Based on the IEEE 802.1X authentication protocol, this thesis uses Cisco network switches, which are widely deployed in industry, as the foundation and Microsoft NAP as the core, and integrates Active Directory, DHCP, SNMP and an SMS system to build, at low cost, an authentication mechanism triggered at Layer 2 of the network. Identity is verified the moment a device connects to the network, and only designated enterprise devices are granted access. The results show that the mechanism effectively identifies devices and personnel authorized in the enterprise domain, grants access to specific subnets according to policy, and notifies system administrators by SMS when authentication fails; it has positive benefits in preventing external devices from obtaining internal enterprise network resources and in reducing the risk of confidential data theft. (Original English abstract) The wide adoption of computer integrated manufacturing has made enterprises pay attention to the risk of data leakage that results from a lack of control over network access. The fastest way to solve the problem is to purchase a NAC (Network Access Control) product, but such products usually require an extra server and effort on agent deployment. Besides, these products cost a lot, and not every enterprise is able to afford them. This study proposes a lower-cost, Layer 2 triggered NAC system architecture that follows the IEEE 802.1X protocol and integrates commonly adopted systems such as Cisco network switches, Microsoft Network Access Protection, Active Directory, DHCP, SNMP (Simple Network Management Protocol) and SMS (Short Message Service). The mechanism authenticates devices at Layer 2 immediately as they connect to the network and grants access to specific authorized devices only. The research results show that the mechanism works properly in identifying designated computers and users and assigning them to specific VLANs according to system policy. An SMS alarm is sent to system administrators when an authentication failure is detected. It shows a positive effect on preventing unauthorized network access and reducing theft of critical information. |
URI: | http://etd.lib.nctu.edu.tw/cdrfb3/record/nctu/#GT070463419 ; http://hdl.handle.net/11536/141411 |
Appears in collections: | Theses |