Implementation and Performance Analysis of Network Access Control Based on 802.1X for Effective Access Control on BYOD

  • 이민철 (Department of Computer Engineering, Hanbat National University);
  • 김정호 (Department of Computer Engineering, Hanbat National University)
  • Received : 2015.06.22
  • Accepted : 2015.08.31
  • Published : 2015.09.30

Abstract

BYOD (Bring Your Own Device) use in business environments continues to expand. In 2012, Cisco surveyed 600 companies on their use of BYOD; 95% of them already permitted BYOD in their work environments, and employee productivity had improved as a result. Gartner predicted that the adoption of BYOD would introduce new security threats and suggested introducing NAC (Network Access Control) to mitigate them. Gartner also recommended separating the network into zones according to business importance, defining access control policies in detail that take user authority and device type into account, and enforcing those policies on every device connected to the network. This paper designs and implements NAC for granular access control based on IEEE (Institute of Electrical and Electronics Engineers) 802.1X and DHCP (Dynamic Host Configuration Protocol) fingerprinting, and analyzes its performance in a BYOD environment.
