Design And Implementation Of Security Reinforcement Scheme For Access Control Based On 802.1X Protocol

Posted on: 2018-08-05 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Tian | Full Text: PDF
GTID: 2348330542951170 | Subject: Electronic and communication engineering
Abstract/Summary:
With the rapid development of computer networks, network security has become a focus of attention. As the main access authentication protocol for Ethernet, the 802.1X protocol plays an important role in ensuring the integrity of the network boundary, and its comparatively strong security mechanism is favored by enterprises and institutions with high confidentiality requirements. 802.1X is a port-based access control technology widely used in Ethernet; it addresses the authentication of access devices and protects the integrity of the network boundary. In practice, however, 802.1X-based access control solutions have security problems such as MAC address counterfeiting of dumb terminals, which breaks the integrity of the network boundary and leads to illegal access to internal enterprise equipment and theft of sensitive data. A security solution for 802.1X-based access control that avoids these risks is therefore urgently needed.

This paper analyzes the shortcomings of current 802.1X-based access control solutions and proposes an 802.1X-based access control solution that integrates the Option feature of the DHCP protocol with the TCP protocol. It considers the relationship between the overall high-security design and the overall authentication process and, following that process design, puts forward a software architecture for the 802.1X-based access control security solution and implements its key modules. The design and implementation work includes the following:

1) Building on ISC-DHCP, the DHCP Option handling is extended with a fingerprint library function and an IP isolation function, and a DHCP-based fingerprinting module for access devices is designed and implemented. Checking the DHCP Options of a device and comparing them with the stored fingerprint strictly controls MAC counterfeiting of dumb terminals, and the isolated IP allocation function prevents terminals attached to the same hub from accessing each other, which guards against the risk of sensitive information leakage.

2) A TCP-based network fingerprinting module is designed and implemented. It uses a half-handshake design to efficiently collect the TCP fingerprints of all terminals on the network, and periodically compares the stored fingerprint with a current snapshot of the TCP fingerprints of online terminals, to avoid the risk of an access device on the network being tampered with.

3) A multi-authentication-center RADIUS module is designed and implemented, providing centralized Portal, MAB and 802.1X authentication for device access.

The security solution for 802.1X-based access control designed and implemented here meets the functional design requirements, strengthens the security of 802.1X-based access control, and solves the new security problem of dumb-terminal MAC address spoofing.
Keywords/Search Tags:Network access control, 802.1X protocol, DHCP protocol
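
As an added illustration of the DHCP fingerprint comparison described in item 1 (not code from the thesis), the sketch below parses a DHCP options field, builds a fingerprint from option 55 and option 60, and compares it with the fingerprint enrolled for that MAC address. The choice of those two options, the library layout, the function names and the sample bytes are assumptions made for this example.

```python
# Added illustration; names, sample bytes and the library layout are assumptions.
PAD, END, PARAM_REQ_LIST, VENDOR_CLASS = 0, 255, 55, 60

def parse_dhcp_options(raw: bytes) -> dict:
    """Parse the DHCP options field (bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        length = raw[i + 1]
        # RFC 3396: repeated instances of an option are concatenated
        opts[code] = opts.get(code, b"") + raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def dhcp_fingerprint(raw: bytes) -> tuple:
    """Fingerprint = ordered option-55 request list plus option-60 vendor class."""
    opts = parse_dhcp_options(raw)
    return (tuple(opts.get(PARAM_REQ_LIST, b"")),
            opts.get(VENDOR_CLASS, b"").decode("ascii", "replace"))

def classify(mac: str, raw: bytes, library: dict) -> str:
    """'allow' if the fingerprint matches the one enrolled for this MAC, else 'isolate'."""
    try:
        seen = dhcp_fingerprint(raw)
    except ValueError:  # malformed options are never trusted
        return "isolate"
    return "allow" if library.get(mac.lower()) == seen else "isolate"

def opt(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

# Constructed sample data: one enrolled dumb terminal and two DHCPDISCOVER option fields.
LIBRARY = {"00:11:22:33:44:55": ((1, 3, 6, 15, 44, 47), "ExamplePrinter")}
PRINTER = (opt(53, b"\x01") + opt(55, bytes([1, 3, 6, 15, 44, 47]))
           + opt(60, b"ExamplePrinter") + b"\xff")
OTHER = (opt(53, b"\x01") + opt(55, bytes([1, 3, 6, 15, 31, 33, 43, 44]))
         + opt(60, b"ExampleDesktop") + b"\xff")

if __name__ == "__main__":
    print(classify("00:11:22:33:44:55", PRINTER, LIBRARY))  # enrolled device
    print(classify("00:11:22:33:44:55", OTHER, LIBRARY))    # same MAC, different DHCP client
```

A device that presents an enrolled MAC address but a different DHCP fingerprint, or malformed options, is placed in the isolated state rather than admitted.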