User-Friendly Access Control for Public Network Ports

dated Dec, 2000

We are facing a trend towards ubiquitous connectivity where users demand access at anytime, anywhere. This has lead to the deployment of public network ports and wireless networks. Current solutions to network access control are inflexible and only provide all-or-nothing access. It is also increasing important to protect Intranet hosts from other mobile and static hosts on the same Intranet, in order to contain damages in the case that a host gets compromised. We present an architecture that addresses these issues by using a programmable router to provide dynamic fine-grained network access control. The Javaenabled router dynamically generates and enforces access control rules using policies and user profiles as input, reducing administrative overhead. Our modular design integrates well with existing authentication and directory servers, further reducing admininstrative costs. Our prototype is implemented using Nortel's Accelar router and moves users to VLANs with the appropriate access privilege.

2014

WLANs (Wireless LANs) are a cost-effective solution for impossible or hard-to-wire locations. WLANs are gaining popularity because they are easy to deploy and provide ubiquitous access to enterprise resources from anywhere in the campus. However, Enterprises and Campuses must become fully aware of the security and management implications of adding wireless technologies to their network. Organizations must tightly integrate wireless LANs with wired LANs. Network managers are reluctant or unwilling to deploy wireless LANs unless those LANs provide the type of security, manageability, and scalability offered by wired LANs. Since wireless LANs broadcast data over the air using radio waves, virtually any wireless LAN client in the area served by the data transmitter can access that data. It is impossible to direct a wireless LAN transmission to only one, intended recipient. So data privacy and security becomes a real concern. This article explains how a campus-wide WLAN solution can have...

Lecture Notes in Electrical Engineering, 2020

The usage of technology is moving ahead at a staggering speed, managing to increase its use in daily life, both at a business and personal level, which entails the need to protect the most important assets of the user, as well as to increase the mechanisms that are necessary to safeguard the information. In this article, we detail the design of a Model for the Implementation of Access Control to WIFI networks, which was done by means of a methodology composed of four phases: research, documentation, practice, and feedback. These were used to perform the different tests and validations, and thus adjust the configurations and performance. The model provides infrastructure managers a solution for the management of the access to the WIF resource, since the configuration that is proposed can be assigned in the same SSID to several network segments. The practice was carried out in a controlled manner and over a specific segment of the network. In the testing process and according to the methodology that was used, computer security policies were defined. This allowed to determine a more secure access control to WIFI networks, it is therefore a solution to the acquired need of mobility; likewise, the integration of the RADIUS and WIFI network service provides a complete framework for access control, and the most interesting thing is that this service can be executed on most operating systems almost free of charge.

Journal of Network and Computer Applications

Network access control mechanisms constitute an increasingly needed service, when communications are becoming more and more ubiquitous thanks to some technologies such as wireless networks or Mobile IP. This paper presents a particular scenario where access rules are based not only on the identity of the different users but also on authorization data related to those users. In order to accomplish this general goal, it will be necessary to add to the traditional system-specific services for authentication and authorization, and also some entities able to manage the information related to identity, roles and permissions. Network access will be based on the 802.1X framework and the Authentication, Authorization, and Accounting (AAA) architecture, as they constitute the basis for most of the existing proposals for limiting the access to a restricted network. These proposals will be extended making use of an authorization infrastructure based on SAML statements, the RBAC model, and XACML as the main language for expressing authorization policies. The solution that we present in this paper is a consequence of an exhaustive and non-trivial analysis of the different mechanisms that could be used to provide this kind of service. As we will see, the correct integration ARTICLE IN PRESS www.elsevier.com/locate/jnca 1084-8045/$ -see front matter r

IEEE Communications Magazine, 2012

PANA [2] is an application protocol using the User Datagram Protocol (UDP) as transport, which has been specially conceived by the IETF to carry the Extensible Authentication Protocol (EAP) in order to support different authentication mechanisms for network access, regardless of the underlying network access technology. Due to the close relationship between EAP and PANA, we first provide a brief overview of EAP to give the reader a better understanding of the subsequent description of the PANA architecture and protocol operation.

Proceedings of 17th International Conference on Distributed Computing Systems, 1997

Access control involves maintaining information about which users can access system resources and ensuring that access is restricted to authorized users. In wide-area networks such as the Internet, implementing access control is difficult, since resources may be replicated, the task of managing access rights may be distributed among multiple sites, and events such as host failures, host recoveries, and network partitions must be dealt with. This paper explores the problem of access control in such an environment, and in particular, the inherent tradeoff between security, availability, and performance. Techniques for dealing with access control in the presence of partitions are presented and used as the basis for an algorithm that allows application control over these tradeoffs.

2006 Third Annual International Conference on Mobile and Ubiquitous Systems: Networking & Services, 2006

In this paper the authors present the challenges for enabling Security Policies Management and subsequent Ubiquitous Access Control on the Personal Network (PN) environment. A solution based on Security Profiles is proposed, supporting both partially distributed architectures -having in this case distributed master devices acting as access points-and also pure peer-to-peer interactions inside the PN. Taking benefit from the modularity and scalability of the design, this solution can be extended into supporting coalitions of different security domains, deriving from the creation of PNs federations.

2015

the stage of processing at port entry/exit has many shapes of obstacles such as checking a large number of passenger's documents every day. The passengers spent long time at ports until their documents have been checked by the airport's clerks since the port entry/exit procedures have been processed manually. This intern takes a long time for entrance processing and makes burdens on port's clerks. Each single sheet may contain many different names, and these names may have no relationship with each other. Ergo, the proposed technique in this paper offers the responsibility to speed and facilitate the procedure to take decision making to visa entry for any foreigner. This technique will be distributed in several ports in the country. In addition, those ports are connected to each other by using WiMAX private network. Which it is considered, the most secured open network ever. The model's pages at server side were written in PHP web language which is the most popular W...

2008

Managing identities and access control in higher education remains one of the greatest challenges since the requirements for user profiles and access control policy differ, depending on whether the user is a student or a member of the institution (such as an employee or professor). Moreover, only authorized individuals (e.g., professors) are allowed to execute some operations or access to specific areas within the educational environment. Nevertheless, as the financial sustainability is one of the key challenges for Europe's universities and institutes, both performance and low-cost solutions need to be considered. This paper presents the development of an integrated low-cost access control solution applied to the educational environment. Besides describing the access control to classrooms, laboratories and departments, this work also focus on the student attendance and parking management inside the campus. Preliminary experiments validated on the Engineering Institute of Coimbra (ISEC) show that the herein proposed out-of-the-box solution easily allows managing, controlling and visualizing the attendance of students.