| With wide application of Internet, network security problems became a serious threat both for network service providers and for network service users. One approach towards network attacks is on the server site to prevent application systems from network attacks. Techniques adopted include Identity Authentication (IA), Intrusion Detection, and Intrusion protection (e.g. by use of Honey Pot). An alternative approach is to apply access control on clients so as to validate their eligibility. IEEE 802.lx is a typical port-based access control protocol defined by IEEE 802 working group to prevent unauthorized devices from being physically attached to the LAN infrastructure or to prevent unauthorized users to access the LAN through equipment already attached.This dissertation presents a prototype of Terminal Security Accessing Management System (TSAMS) developed by the author for a network equipment manufacture in Chengdu. TSAMS combines the Trusted Network Connect (TNC) architecture with an extended IEEE 802.lx. TSAMS consists of four components, i.e. the client (software installed in user terminal), access equipment (access control software installed in access switch), authentication server, and policy server. First the client request IA for authentication server. If succeed, the client collects terminal information and requests for a security control channel (connection) between the client and security Policy server. The policy sever then sends back the security rules to the client for evaluating security level for the user by use of these rules. The Access control software in access switches is informed with the evaluation results to provide the user with relevant access.Preliminary experiment with the prototype of TSAMS has shown that the system is operational and fulfils the design goal. Operation of TSAMS with network equipment in the network equipment manufacturer has further shown that TSAMS is usable and has high value. At last, the summarization and further research directions are given. |
PDF Full Text Request