
Student: 許乾豪
CHIEN-HAO HSU
Thesis title: 企業內遠距多點無線區域網路安全之架構設計
Security Architecture Design of the Wireless LAN with the Multi-site Intranet
Advisor: 陳奕明
Yi-Ming Chen
Committee members:
Degree: Master's
Master
Department: College of Management - Executive Master Program, Department of Information Management
Executive Master of Information Management
Graduation academic year: 91
Language: Chinese
Number of pages: 70
Chinese keywords (translated): Multi-site network environment, Wireless LAN, Firewall, Security architecture design, Enterprise virtual private network, 802.11
English keywords: Security Architecture Design, VPN, WLAN, IEEE 802.11, Multi-site Intranet
Access counts: views: 11, downloads: 0
Abstract (translated from the Chinese): As wireless LANs have become increasingly widespread, in recent years many enterprises have seriously considered deploying wireless LANs within their intranets. However, the inherent security weaknesses of wireless LANs have become a concern for enterprises during evaluation. Because the next-generation WLAN security standard (such as 802.11i) is still being drafted, network equipment vendors have been forced to assemble different solutions from a variety of security technologies, which often leaves enterprises without a clear path when planning and becomes an obstacle to deployment. Furthermore, most current security mechanisms are designed with a single-site enterprise network in mind, whereas in practice many enterprises use a multi-site network architecture, for which the market offers few suitable solutions. To address this problem, this study targets the multi-site enterprise network environment and, using existing network security mechanisms and technologies, proposes security architectures for the enterprise multi-site WLAN organized by network topology and by network communication layer, analyzing their advantages and disadvantages across a set of consideration dimensions. In addition, we propose a decision tool for selecting a WLAN security architecture and use three cases to illustrate its use, so that after weighing the strength of each requirement dimension and the scale of the existing network environment, an enterprise obtains a recommended WLAN security architecture, helping planners correctly choose the security architecture that suits the enterprise.


Abstract (English): With the popularity of wireless networking, more and more enterprises intend to integrate wireless LANs with their intranets. However, because wireless LANs are weak in security, this becomes a misgiving when enterprises assess them. Since the new wireless LAN security standard, 802.11i, is still under development, networking equipment suppliers provide different solutions built on different security technologies. This situation leaves enterprises with no standard to follow and thus becomes an obstacle to building a wireless LAN. On the other hand, although most current security mechanisms focus on single-site enterprise networking, some enterprises in reality use a multi-site architecture. With respect to WLAN security, there are not many solutions for the multi-site topology. To solve this problem, this thesis focuses on the WLAN security problem of multi-site enterprise networking. We propose various security architectures of the wireless LAN for the enterprise intranet, using current security mechanisms and technologies arranged by networking topology and networking communication layer. We also analyze the advantages and disadvantages of each for the multi-site case from different perspectives. Furthermore, we provide a tool to select the security architecture of the wireless LAN and explain it through three realistic cases. The tool can also suggest a security architecture for the wireless LAN and help network planners make applicable security decisions.

Table of contents (translated; section numbering as given in the original):
Chapter 1 Introduction 1
1.1 Research motivation 1
1.2 Research objectives 2
1.3 Research method 2
1.4 Research contributions 3
1.5 Thesis organization 4
Chapter 2 Problem Discussion and Related Work 5
2.1 Problem definition 5
2.2 Survey of existing WLAN security mechanisms 7
2.2.1 Hardware-based security mechanisms 7
2.2.1.1 SSID (Service Set Identifier) 7
2.2.1.2 WEP (Wired Equivalent Privacy) 9
2.2.1.3 MAC (Medium Access Control) 9
2.2.1.4 VLAN (Virtual Local Area Network) 10
2.2.1.5 Firewall 11
2.2.2 Software-based security mechanisms 11
2.2.2.1 802.1X 11
2.2.2.2 SSL (Secure Sockets Layer) 13
2.2.3 Hybrid security mechanisms 14
2.2.3.1 PPPoE (Point-to-Point Protocol over Ethernet) 14
2.2.3.2 VPN (Virtual Private Network) 15
Chapter 3 Planning Considerations for a Multi-site Intranet WLAN 16
3.1 The primary consideration in building a WLAN: security 16
3.2 Planning requirements for the WLAN architecture 18
3.2.1 Maintaining a closed network environment 18
3.2.2 Data confidentiality and integrity 18
3.2.3 Access control 19
3.2.4 Authentication 19
3.2.5 Reducing the probability of attack 20
3.2.6 Scalability and compatibility 23
3.2.7 Consistent user environment 23
3.2.8 Intra-company roaming 24
3.2.9 Manageability 24
3.2.10 Cost 25
3.2.11 Performance 25
3.2.12 Feasibility 26
Chapter 4 Security Architecture Design of the Multi-site Intranet WLAN 27
4.1 WLAN architectures classified by network topology 27
4.1.1 Deploying the WLAN directly inside the enterprise network 29
4.1.2 Separating the headquarters WLAN and branch-office segments with a firewall 29
4.1.3 Separating the WLAN segment with a firewall 30
4.2 WLAN security mechanisms classified by the network layer they operate at 31
4.2.1 Layer 2 WLAN security mechanisms 32
4.2.1.1 Using the 802.11 wireless security mechanisms 32
4.2.1.2 Using 802.1X 36
4.2.1.3 Using VLAN 38
4.2.1.4 Using PPPoE 40
4.2.2 Layer 3 WLAN security mechanisms 42
4.2.2.1 Using DHCP 42
4.2.2.3 Using VPN 44
4.2.2.4 Using 802.1X + VPN 46
4.3.3 WLAN security mechanisms at other layers 48
4.2.2.1 Using Web authentication 48
4.3.3.1 Using a security gateway 49
4.3 Evaluation table 52
4.4 Applicability of the security architectures 56
Chapter 5 Conclusions and Future Work 65
5.1 Conclusions 65
5.2 Future work 66
References 67

