

Research of Access Control System in Wireless Security Gateway

【Author】 修宏举

【Advisor】 刘云

【Author information】 Beijing Jiaotong University, Information Network and Security, 2007, Master's thesis

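【Summary】 In recent years, wireless LANs have developed rapidly and have been applied to all aspects of social life. However, the openness of a wireless LAN leaves it without a clear boundary: an attacker can obtain information about the network and attack it without any physical connection, and wireless LAN security has become a major concern for the industry. This thesis first introduces the development history of wireless LANs and their advantages and disadvantages, and also introduces the security threats they face and their security requirements; it also analyzes the security weaknesses of the wireless LAN standard IEEE 802.11 and introduces the solution proposed by the 802.11i task group. Next, the thesis studies the IEEE 802.1X protocol, which, as a port-based authentication technique, is well suited to the wireless LAN environment and can effectively solve the authentication problems of wireless LANs. The thesis also studies the Netfilter framework provided by the Linux operating system, in order to understand its working principles and master the powerful packet filtering functionality it provides. Finally, in light of practical application requirements, an access control system integrated into a wireless security gateway is designed and implemented. The access control system provides two authentication methods, local authentication and remote authentication, and uses logical ports rather than physical ports to control user access.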

【Abstract】 In recent years, wireless local area networks (WLANs) have developed rapidly and have been applied to many aspects of society and daily life. However, the open transmission channel means that a WLAN has no clear border, and an intruder can obtain information about the WLAN and intrude into it without a physical connection. The security of WLANs has become a major issue in the industry. Firstly, this thesis introduces the history of WLANs and their advantages and disadvantages, and analyzes the security threats they face and their security requirements. It also analyzes the weaknesses of the IEEE 802.11 protocol from a security perspective and introduces the security scheme put forward by the 802.11i task group. Secondly, this thesis studies the IEEE 802.1X protocol, a port-based authentication technique. This technique is well suited to WLANs because it can solve the authentication problem in WLANs. This thesis also studies the Netfilter technique provided by the Linux operating system, in order to understand its working principles and master its powerful packet filtering function. Finally, considering actual application demands, we design and develop an access control system integrated into a wireless security gateway. This system provides two authentication methods, local authentication and remote authentication, and uses logical rather than physical ports to control user access.

  • 【Classification number】 TP393.08
  • 【Times cited】 1
  • 【Downloads】 114