Abstract
Network access control (NAC) mainly achieves secure endpoint access through security authentication and control. Various NAC technologies continue to emerge and develop to solve security problems at the LAN boundary. However, as network complexity and the demand for convenient deployment and management increase, fixed NAC methods can no longer meet the needs of a wide variety of security scenarios. This paper surveys NAC frameworks and technology development, proposes an access control system based on the software-defined approach, and describes its model, architecture, main technologies, and application scenarios. Through resource orchestration, asset management, and unified presentation of the security situation, the system is designed to meet the secure access and asset management needs of different user environments.
Authors
DENG Yong-hui (邓永晖); ZHOU Jia (周佳); LU Wen-yang (鹿文杨)
No. 30 Institute of CETC, Chengdu, Sichuan 610041, China
Source
Communications Technology (《通信技术》)
2020, Issue 4, pp. 970-975 (6 pages)
Keywords
network access control
access framework
software-defined
resource arrangement
asset management