{"title":"虚拟网络中开源网络访问控制的安全性分析","authors":"Mohammed Suhel Inamdar, Ali Tekeoglu","doi":"10.1109/WAINA.2018.00131","DOIUrl":null,"url":null,"abstract":"Enterprise networks depend on Network Access Control software to restrict access to valuable resources. Significant number of attacks come from internal threats, such as disgruntled employees and infected personal devices brought into the company network. Network Access Control software plays an important role in detecting and protecting against these kind of threats. Most companies maintain huge and complex internal networks that form the backbone of their business and the safe harbor for their intellectual property. Thus, its essential to make sure each machine and user has only the right amount of access to the corporate network. With the widespread use of mobile and IoT devices integrating dynamically to corporate networks, this task gets even more complicated. Virtual Local Area Networks (VLANs) are heavily employed to securely partition the intranet because of the suitability for a corporate setting. In this paper, we have evaluated the security of PacketFence Network Access Control server, installed within GNS3 network emulator. Using an open-source tool named Yersinia to carry out experiments, we proved that attacks are viable and realistic. We showed different possible ways to attack the PacketFence network along with how to prevent.","PeriodicalId":296466,"journal":{"name":"2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)","volume":"65 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Security Analysis of Open Source Network Access Control in Virtual Networks\",\"authors\":\"Mohammed Suhel Inamdar, Ali Tekeoglu\",\"doi\":\"10.1109/WAINA.2018.00131\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Enterprise networks depend on Network Access Control software to restrict access to valuable resources. Significant number of attacks come from internal threats, such as disgruntled employees and infected personal devices brought into the company network. Network Access Control software plays an important role in detecting and protecting against these kind of threats. Most companies maintain huge and complex internal networks that form the backbone of their business and the safe harbor for their intellectual property. Thus, its essential to make sure each machine and user has only the right amount of access to the corporate network. With the widespread use of mobile and IoT devices integrating dynamically to corporate networks, this task gets even more complicated. Virtual Local Area Networks (VLANs) are heavily employed to securely partition the intranet because of the suitability for a corporate setting. In this paper, we have evaluated the security of PacketFence Network Access Control server, installed within GNS3 network emulator. Using an open-source tool named Yersinia to carry out experiments, we proved that attacks are viable and realistic. We showed different possible ways to attack the PacketFence network along with how to prevent.\",\"PeriodicalId\":296466,\"journal\":{\"name\":\"2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)\",\"volume\":\"65 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WAINA.2018.00131\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WAINA.2018.00131","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
摘要
企业网络依靠网络访问控制软件来限制对有价值资源的访问。大量的攻击来自内部威胁,例如心怀不满的员工和被感染的个人设备带入公司网络。网络访问控制软件在检测和防范此类威胁方面发挥着重要作用。大多数公司都拥有庞大而复杂的内部网络,这些网络构成了他们业务的支柱和知识产权的安全港。因此,必须确保每台机器和用户只有适当数量的访问公司网络的权限。随着移动和物联网设备的广泛使用,动态集成到企业网络中,这项任务变得更加复杂。虚拟局域网(Virtual Local Area network, vlan)被大量用于对企业内网进行安全分区,因为它适合于企业环境。本文对安装在GNS3网络模拟器中的PacketFence网络访问控制服务器的安全性进行了评估。使用一个名为耶尔森尼亚的开源工具进行实验,我们证明了攻击是可行的和现实的。我们展示了攻击PacketFence网络的不同可能方法以及如何预防。
Security Analysis of Open Source Network Access Control in Virtual Networks
Enterprise networks depend on Network Access Control software to restrict access to valuable resources. Significant number of attacks come from internal threats, such as disgruntled employees and infected personal devices brought into the company network. Network Access Control software plays an important role in detecting and protecting against these kind of threats. Most companies maintain huge and complex internal networks that form the backbone of their business and the safe harbor for their intellectual property. Thus, its essential to make sure each machine and user has only the right amount of access to the corporate network. With the widespread use of mobile and IoT devices integrating dynamically to corporate networks, this task gets even more complicated. Virtual Local Area Networks (VLANs) are heavily employed to securely partition the intranet because of the suitability for a corporate setting. In this paper, we have evaluated the security of PacketFence Network Access Control server, installed within GNS3 network emulator. Using an open-source tool named Yersinia to carry out experiments, we proved that attacks are viable and realistic. We showed different possible ways to attack the PacketFence network along with how to prevent.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
