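| Graduate student: | 李彥君 Yen-Chun Li |
|---|---|
| Thesis title: | MAC/ARP欺騙防禦機制與系統 MAC/ARP spoofing defense mechanism and system |
| Advisor: | 吳中實 Jung-Shyr Wu |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Information and Electrical Engineering - Executive Master of Communication Engineering |
| Year of publication: | 2021 |
| Academic year of graduation: | 109 |
| Language: | Chinese |
| Number of pages: | 55 |
| Chinese keywords: | 網路安全 (network security), 網卡位址 (network card address) |
| Foreign-language keywords: | Network security, MAC Address |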
With the rapid development of network technology and the spread of networked devices, the number of Internet users has grown quickly, and network security issues are frequently raised for discussion.

This thesis proposes using Microsoft Active Directory and Network Policy Server to centrally manage and verify the network card (MAC) addresses of networked devices such as desktop computers, laptops, smartphones, tablets and PDAs, and then using a managed switch to control their network access. Implementation of the system demonstrates that network card addresses not listed in the Active Directory directory cannot access the Internet, so the system achieves centralized management and meets the expected defense standards.