面向大规模网络统一配置管理的AAA架构

2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007) Pub Date : 2007-12-15 DOI:10.1109/CIS.WORKSHOPS.2007.159

Wang Jinsong, Lou Jia, Wu Shaoying, Wang Zhengxu, Wu Gong-yi

{"title":"面向大规模网络统一配置管理的AAA架构","authors":"Wang Jinsong, Lou Jia, Wu Shaoying, Wang Zhengxu, Wu Gong-yi","doi":"10.1109/CIS.WORKSHOPS.2007.159","DOIUrl":null,"url":null,"abstract":"Unified configuration management of network devices in large-scale environment is an important issue. As a traditional method, password authentication by router can not verify the administrators' identities. In other words, someone who actually is not an administrator, can also access the router if he knows password. In this paper, we present a new policy-based AAA architecture that uses VPN and certificate-based authentication. By implementing the architecture, administrators can access authorized routers only and execute authorized commands. Single Sign-On mechanism is used to simplify authentication process. Moreover, the actions of administrators can be logged for accounting. Finally, we implement the architecture in Tianjin Education Metropolitan Area Network.","PeriodicalId":409737,"journal":{"name":"2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"AAA Architecture for Unified Configuration Management in Large-Scale Network\",\"authors\":\"Wang Jinsong, Lou Jia, Wu Shaoying, Wang Zhengxu, Wu Gong-yi\",\"doi\":\"10.1109/CIS.WORKSHOPS.2007.159\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Unified configuration management of network devices in large-scale environment is an important issue. As a traditional method, password authentication by router can not verify the administrators' identities. In other words, someone who actually is not an administrator, can also access the router if he knows password. In this paper, we present a new policy-based AAA architecture that uses VPN and certificate-based authentication. By implementing the architecture, administrators can access authorized routers only and execute authorized commands. Single Sign-On mechanism is used to simplify authentication process. Moreover, the actions of administrators can be logged for accounting. Finally, we implement the architecture in Tianjin Education Metropolitan Area Network.\",\"PeriodicalId\":409737,\"journal\":{\"name\":\"2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007)\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-12-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CIS.WORKSHOPS.2007.159\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIS.WORKSHOPS.2007.159","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

大规模环境下网络设备的统一配置管理是一个重要问题。传统的路由器密码认证方法无法验证管理员的身份。换句话说，实际上不是管理员的人也可以访问路由器，如果他知道密码。在本文中，我们提出了一种新的基于策略的AAA架构，它使用VPN和基于证书的身份验证。通过实现该架构，管理员只能访问授权的路由器，执行授权的命令。采用单点登录机制，简化认证过程。此外，可以记录管理员的操作，以便记帐。最后，在天津教育城域网中实现了该体系结构。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

AAA Architecture for Unified Configuration Management in Large-Scale Network

Unified configuration management of network devices in large-scale environment is an important issue. As a traditional method, password authentication by router can not verify the administrators' identities. In other words, someone who actually is not an administrator, can also access the router if he knows password. In this paper, we present a new policy-based AAA architecture that uses VPN and certificate-based authentication. By implementing the architecture, administrators can access authorized routers only and execute authorized commands. Single Sign-On mechanism is used to simplify authentication process. Moreover, the actions of administrators can be logged for accounting. Finally, we implement the architecture in Tianjin Education Metropolitan Area Network.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007)

自引率

0.00%

发文量