201 计算机系统应用
1年第20卷第l期http://www.c-S·a.org.cn
计算机网络终端准入控制技术①
周超,周城,丁晨路
(重庆通信学院研究生管理大队,重庆400035)
摘要:终端准入控制根据预定安全策略,对接入网络的终端进行身份认证和安全性检查,确保可信、安全的终
端访问网络,拒绝或限制不安全终端的接入,体现了终端安全与准入控制的结合,可以有效提高网络对安全威
胁的主动防御能力。现行部署的解决方案在身份认证、安全状态检查中存在缺陷,容易受到中间人攻击、会话
劫持攻击等,并且对虚拟化应用适应性不足。可考虑通过完善认证过程、改善交互机制等方法加以改进。
关键词:主动防御;终端安全;准入控制;网络安全;端点准入防御;802.1x协议
of AdmissionControlin Networks
TechnologyEndpoint Computer
ZHOU Chen-Lu
Chao,ZHOU
Cheng,DING
School Communication
(OradumofChongqing Institute,Chongqing400035,Chin)
AdmissionControl takesauthenticationand state on
Abstract:Endpoint technology securitycheckingendpoints
networkonthebasis
to ofpre-determinatesecurity makessurethat the andsecure
accessing policies.It onlytrustworthy
couldaccesstonetworkswhile orlimitsthe of
insecure of
endpoints rejects accessing endpoints.It’Sexemplification
thecombinationof andAccess can theactivedefense
Control,which
EndpointSecurity efficientlyimprove ability
threatenof solutionhas inauthenticationand state
networks.However,the
againstsecurity existing shortages security
thatitcould attackedMan-in-the·MiddleAttackandSession alsohas
more,it
checking easily by HiJack.What’S
as
limitationinVLrtualization well.It’Sconsiderabletoconsummatethemechanismofauthenticationand
appliance
for
communication
processesimprovement.