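Research on Network Security Strategy Based on Distributed Linkage Technology
Published: 2018-02-12 08:11
Keywords: network security; distributed linkage technology; device authentication protocol. Source: Nanjing University of Posts and Telecommunications, 2014 master's thesis. Document type: dissertation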
[Abstract]: At present, most enterprise networks use a layered network design, while equipment vendors' anti-attack measures are mostly deployed on individual devices. They lack effective authentication between devices and a linkage mechanism for security strategies, so possible attacks cannot be effectively identified and then intercepted. This allows network attacks to spread and can even paralyze aggregation or core devices, leading to network outages, degraded network quality, and a wide impact.
This thesis studies how distributed device authentication can be used to form linked detection across network layers and achieve distributed deployment of anti-attack strategies and techniques. It focuses on analyzing and explaining the technical principles of device authentication and the linkage technology for security strategies, and gives a deployment scheme for an effective security linkage technology against network attacks.
The main research results of this thesis are as follows:
(1) A distributed linkage security strategy is proposed. It extends the software of a traditional Ethernet switch, adding a "configuration module", an "authentication module", a "client strategy distribution and dynamic adjustment module", and a "dynamic detection module" for the Commander/Relay role, and modifies the original switch's interface management module, AAA/Radius module, and alarm management module.
(2) Device security authentication is designed with reference to MAC authentication and password authentication. The authentication flow between the Client and the Commander/Relay, and the authentication flow between the Commander and the Relay, are described in detail.
(3) Distribution, dynamic adjustment, and detection mechanisms for the distributed linkage security strategy are designed, with a small number of extensions to the messages involved.
[Degree-granting institution]: Nanjing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1505172
Article link: http://sikaile.net/guanlilunwen/ydhl/1505172.html