检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]重庆通信学院研究生管理大队,重庆400035
出 处:《计算机系统应用》2011年第1期89-94,共6页Computer Systems & Applications
摘 要:终端准入控制根据预定安全策略,对接入网络的终端进行身份认证和安全性检查,确保可信、安全的终端访问网络,拒绝或限制不安全终端的接入,体现了终端安全与准入控制的结合,可以有效提高网络对安全威胁的主动防御能力。现行部署的解决方案在身份认证、安全状态检查中存在缺陷,容易受到中间人攻击、会话劫持攻击等,并且对虚拟化应用适应性不足。可考虑通过完善认证过程、改善交互机制等方法加以改进。Endpoint Admission Control technology takes authentication and security state checking on endpoints accessing to network on the basis of pre-determinate security policies. It makes sure that only the trustworthy and secure endpoints could access to networks while rejects or limits the accessing of insecure endpoints. It' s exemplification of the combination of Endpoint Security and Access Control, which can efficiently improve the active defense ability against security threaten of networks. However, the existing solution has shortages in authentication and security state checking that it could easily attacked by Man-in-the-Middle Attack and Session Hijack. What' s more, it also has limitation in Virtualization appliance as well. It' s considerable to consummate the mechanism of authentication and communication processes for improvement.
关 键 词:主动防御 终端安全 准入控制 网络安全 端点准入防御 802.1x协议
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.145
