In EDS ansehen

An Empirical Study of Hardening Network Access Control Systems.

Gespeichert in:
Bibliographische Detailangaben
Titel: An Empirical Study of Hardening Network Access Control Systems.
Autoren: Qureshi, Kalim, Al-Shamali, Mohsen, Abd-El-Barr, Mostafa
Quelle: International Journal for Computers & Their Applications; Mar2025, Vol. 32 Issue 1, p14-26, 13p
Schlagwörter: ACCESS control of computer networks, SECURITY systems, ACCESS control, OPEN source software
Abstract: Network Access Control (NAC) is one of many solutions that plays a critical role in defining security policies in networking. Three open-source NAC solutions were analyzed and compared: OpenNAC, FreeNAC, and PacketFence. The results showed that the PacketFence solution has better performance in terms of security features. Network layer-2 attacks were introduced against the candidate solution to verify vulnerabilities. These are Cisco Discovery Protocol, Dynamic Host Configuration Protocol, Spanning Tree Protocol, Dynamic Trunking Protocol, and VLAN Trunking Protocol. An enhanced PacketFence was proposed to mitigate network threats in a simulated environment; by using the network simulator tool (GNS3) and through hardening a critical component of PacketFence via applying supportive configurations and commands. We observed that the proposed enhancement solution improved network security. This is measured in terms of 22% to 84% increase in the CPU utilization during an attack that lasted for 10 minutes. In addition to root cost increase from 0 to 12 after launching 3 STP attacks. This is a substantial surge in MAC address table entries. Interface status was also changed to trunk and the VLAN entries were manipulated either by adding or removing entries in the VLAN table. [ABSTRACT FROM AUTHOR]
Copyright of International Journal for Computers & Their Applications is the property of International Society for Computers & Their Applications and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Datenbank: Complementary Index
Beschreibung
Abstract:Network Access Control (NAC) is one of many solutions that plays a critical role in defining security policies in networking. Three open-source NAC solutions were analyzed and compared: OpenNAC, FreeNAC, and PacketFence. The results showed that the PacketFence solution has better performance in terms of security features. Network layer-2 attacks were introduced against the candidate solution to verify vulnerabilities. These are Cisco Discovery Protocol, Dynamic Host Configuration Protocol, Spanning Tree Protocol, Dynamic Trunking Protocol, and VLAN Trunking Protocol. An enhanced PacketFence was proposed to mitigate network threats in a simulated environment; by using the network simulator tool (GNS3) and through hardening a critical component of PacketFence via applying supportive configurations and commands. We observed that the proposed enhancement solution improved network security. This is measured in terms of 22% to 84% increase in the CPU utilization during an attack that lasted for 10 minutes. In addition to root cost increase from 0 to 12 after launching 3 STP attacks. This is a substantial surge in MAC address table entries. Interface status was also changed to trunk and the VLAN entries were manipulated either by adding or removing entries in the VLAN table. [ABSTRACT FROM AUTHOR]
ISSN:10765204