Application Level Network Access Control System Based on TNC Architecture for Enterprise Network
Traditional NAC system in enterprise network is in coarse granularity (e.g. IP or MAC address) and lack of flexibility. Recently the demand in tight control of the enterprise network to defense the misuse and security issues become more and more urgent. Based on the TCG TNC standard, an application level network access control mechanism is proposed and implemented. With TNC client/server model in hand, a client is designed to enhance TNC client with the function of host flow controller (HFC), and intercepts each application network access request(ANAR) and transfer it to PDP server to authorize the access request. When a sensor (i.e. intrusion detection system) detects any malicious traffic, host flow controller and network flow controller can identify the application that origins this traffic by querying Metadata Access Point (MAP) server and block this application’s network access. A prototype system is implemented to demonstrate the design and can be used to defense the anomaly network behaviors. The prototype system demonstrates that the hosts, switches, firewalls and IDS can work together to detect, diagnose and protect enterprise network from the malicious applications attack initiated inside or outside of an enterprise network, quarantine unhealthy hosts and make the enterprise network more reliable and trustworthy.
Network Security Access Control Trusted Network Connect Application Level Access Control
Zhen Chen Fa-Chao Deng An-An Luo Xin Jiang Guo-Dong Li Run-hua Zhang Chuang Lin
Research Institute of Information Technology Department of Automation and Computer Science & Technol Research Institute of Information Technology Department of Automation and Computer Science & Technol
国际会议
北京
英文
1-5
2010-06-25(万方平台首次上网日期,不代表论文的发表时间)