WO2006001590A1 - Network security system operated in conjunction with an authentication server, and associated method - Google Patents

Network security system operated in conjunction with an authentication server, and associated method

Info

Publication number
WO2006001590A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
information
terminal
authentication
user
Prior art date
Application number
PCT/KR2005/000857
Other languages
English (en)
Inventor
Ki-Tae Kim
Original Assignee
Exers Technologies. Inc.
Priority date
Filing date
Publication date
Application filed by Exers Technologies. Inc.
Priority claimed from KR1020050024389A (KR100714367B1)
Publication of WO2006001590A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104 Grouping of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/162 Implementing security features at a particular protocol layer at the data link layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • the present invention relates to a network security system capable of performing an enhanced security policy, and more particularly, to a network security system and method for performing an authentication process on users accessing a network, and at the same time, checking an installation status of specific software in a user terminal based on personal security policies set up to the user to determine whether or not to allow the user terminal to access the network based on the check result, thereby implementing optimal network security.
  • FIG. 1 is a configuration view showing a whole configuration of an authentication system in accordance with the IEEE 802.1x standard.
  • FIG. 2 is a flowchart for explaining a series of authentication processes performed by entities in the authentication system of FIG. 1.
  • the IEEE 802.1x standard defines three entities: a supplicant 100; an authenticator 110; and an authentication server 120.
  • the supplicant 100 is an entity providing the user's authentication information to the authenticator 110 and sending an authentication request to the authenticator 110.
  • the supplicant includes wired or wireless terminals intending to access the network.
  • the authenticator is initially set to an uncontrolled port status.
  • the supplicant and authenticator can communicate with each other through the EAP (Extensible Authentication Protocol).
  • the authenticator 110 is an entity transferring the received authentication information and authentication request to the authentication server 120.
  • the authenticator transfers an authentication success message to the supplicant and converts its port status into a controlled port status.
  • the authenticator includes APs (Access Points), routers, switches, and the like.
  • the authentication server 120 is an entity determining authentication based on the supplicant's authentication request received from the authenticator 110. In order to determine authentication, the authentication server uses user's authentication information stored in its internal database or received from external entities. In the IEEE 802.
  • any protocol for communication between the authentication server 120 and the authenticator 110 is not defined.
  • a protocol used for an AAA (Authentication, Authorization, and Accounting) server is also recommended as the protocol between the authentication server 120 and the authenticator 110. Therefore, the RADIUS (Remote Authentication Dial-In User Service) protocol is used as an industrial de-facto standard protocol.
  • the authenticator and the authentication server communicate with each other through the RADIUS protocol, the user's network access right can be controlled according to the determination of authentication (performed by an internal authentication algorithm of the authentication server) and the attributes and vendor-specific attributes of the RADIUS which can be transferred together with the authentication success message.
  • FIG. 3 is a configuration view of a network according to the centralized authentication method.
  • FIG. 4 is a configuration view of a network according to the distributed authentication method.
  • the authentication server is located in the center of the network, so that a user authentication management can be advantageously centralized.
  • data rate of the network may be limited, and performance of the network may deteriorate due to increase in load of the authentication server.
  • a main authentication server located in the center of the network is connected to the network to manage resources and database, and local servers sending authentication requests manage TLS (Transport Layer Security) session and keys to reduce load of the main authentication server.
  • the distributed authentication method can increase network efficiency by about five times that of the centralized authentication method.
  • the distributed authentication method can improve stability of authentication for local users. Since 2000, computer viruses and malicious codes such as worms have spread widely, and various techniques thereof have been developed. Moreover, these techniques have been used as hacking tools. As a result, computer viruses and malicious codes have caused attacks and damage on a scale never seen before. In order to cope with the computer viruses and malicious codes, various anti-virus vaccine programs have been proposed and developed.
  • the number of users of portable terminals increases.
  • the vaccine programs on portable terminals are not kept as well updated as those on desktop terminals.
  • these non-updated portable terminals are connected to the network.
  • the computer viruses and malicious codes entering into intranets from external public networks can be somewhat controlled or blocked by using firewalls, expensive IDS/IPS (Intrusion Detection System/Intrusion Protection System), or an anti-virus system to preserve security of the intranets.
  • the wireless communication technologies have been remarkably developed, the users have wirelessly accessed the network by using their portable terminals such as notebooks and PDAs (Personal Digital Assistants).
  • an object of the present invention is to provide a network security system capable of preserving security of a network by optimizing a security status of each terminal accessing the network.
  • another object of the present invention is to provide a network security server capable of checking a security status of each user terminal during the user authentication process in cooperation with an authentication server.
  • a network security system performing an authentication process on users accessing a network and a network security process, comprising: a security server for storing and managing personal security policies applied to registered users and security information on the personal security policies; a terminal for transmitting basic authentication information input by a user to request authentication; and an authentication server for performing the authentication process on the user based on the basic authentication information received from the terminal and receiving the personal security policies applied to the user and the associated security information from the security server, wherein, when authentication is granted to the user, the authentication server determines whether or not to allow the terminal to access the network based on the personal security policies and the security information received from the security server.
  • the security information of the personal security policies may include a list of specific software to be installed in the terminal of each user and registration information of the specific software, wherein the security information in the security server includes a list of specific software to which the personal security policies are applied, registration information of the specific software, and information on a management server managing the S/W.
  • the authentication server may determine whether or not the user is a registered one based on the basic authentication information received from the terminal, wherein, if the user is not a registered one, the authentication server does not grant authentication or allow the user to access the network.
  • the authentication server may determine whether or not the user is a registered one based on the basic authentication information received from the terminal, wherein, if the user is a registered one, the authentication server transmits to the terminal the security information received from the security server, wherein the terminal transmits comparison result information of comparing the security information with the registration information on the terminal to the authentication server, and wherein, if the security information matches with the registration information on the terminal as the comparison result information, the authentication server allows the terminal to access the network.
  • the authentication server may set the VLAN ID of the terminal to the same value as the VLAN ID of a management server managing the specific software and provide the URL of the management server to the terminal.
  • the network security system may further comprise at least one of access points and switches enabling the terminal to access the network, wherein the access points or switches transmit the authentication request received from the terminal to the authentication server or information received from the authentication server to the terminal.
  • a security server comprising a database for storing and managing personal security policies to be set up and applied to users and security information on the personal security policies, wherein the security information includes a list of specific software to which the personal security policies are applied, registration information of the specific software, and information on a management server managing the S/W, and wherein the security server updates the database in a predetermined time period in cooperation with the management server and transmits the personal security policy applied to the specific user and the security information on the applied personal security policy in response to a request of the authentication server.
  • a network security method of performing a security process on a network and a user terminal accessing the network comprising: a step (a) of receiving basic authentication information and an authentication request from a user terminal of a user; a step (b) of determining whether or not the user is a registered one based on the received basic authentication information; a step (c) of receiving personal security policy applied to the user and the security information and transmitting the security information to the user terminal if the user is a registered one; a step (d) of receiving comparison result information of comparison of the security information with the corresponding information on the user terminal; and a step (e) of allowing the user terminal to access the network if the security information matches with the corresponding information on the user terminal as the comparison result information.
  • in a network security system of the present invention, personal security policies are set up based on users, the set-up personal security policies are applied to the users, and allowance of network access of user terminals is determined in accordance with the personal security policies, so that it is possible to enhance security of a network.
  • security associated programs or virus vaccine programs can be installed in user terminals registered in an authentication server, and the programs can be always updated to new versions.
  • a virus-infected user terminal can be automatically quarantined from a network in order to treat the programs infected with viruses.
  • the network security system can perform a remote virus prevention process in cooperation with a vaccine management server by means of a protected path.
  • network access of a user terminal in which new versions of security-associated programs or virus vaccine programs are not installed is denied, so that it is possible to absolutely deny network access of terminals which are likely to be virus-infected or have a security problem.
  • FIG. 1 is a configuration view showing a whole configuration of an authentication system in accordance with the IEEE 802.1x standard.
  • FIG. 2 is a flowchart for explaining a series of authentication processes performed by entities in the authentication system of FIG. 1.
  • FIGS. 3 and 4 are views for explaining centralized and distributed authentication methods, respectively.
  • FIG. 5 is a configuration view showing a network security system according to a preferred embodiment of the present invention.
  • FIG. 6 is a configuration view for explaining operations of users in a network security system according to a preferred embodiment of the present invention.
  • FIG. 7 is a flowchart of a series of operations of an authentication server in a network security system according to the present invention.
  • FIG. 8 is a flowchart of a series of operations of a user terminal in a network security system according to a preferred embodiment of the present invention.
  • the network security system according to the present invention comprises user terminals 500, 502, 504, 506, and 508, an access point 510, a switch 520, an authentication server 530, a security server 540, specific-software management servers 550, 552, and 554.
  • the user accesses the access point 510 and/or the switch 520 to enter basic authentication information.
  • the basic authentication information may be user's ID and password.
  • the user terminal transmits the basic authentication information (input by the user) to the access point 510 and/or the switch 520 to request authentication.
  • the access point 510 and/or the switch 520 transfers the associated information to the authentication server 530.
  • the access point 510 and/or the switch 520 transmits the associated information together with the authentication request of the user to the authentication server 530.
  • the network management system may include at least one access point and at least one switch.
  • the network management system may utilize a core switch 522 in order to collectively manage the at least one switch.
  • the authentication server 530 receives the basic authentication information of users from an authenticator such as a switch and performs a user authentication process.
  • the basic authentication information includes user's ID and password.
  • the basic authentication information can vary depending on networks or communication protocols. If authentication is granted to the user, the authentication server 530 checks the personal security policies applied to the user, and then, it checks the S/W installation status of the user terminal based on the checked personal security policies in cooperation with the security server 540. If the S/W installation status of the user terminal matches with the security information of the personal security policies, the authentication server 530 allows the user terminal to access the network. The detailed operations of the authentication server 530 will be described later.
  • the security server 540 sets up the personal security policies applied to the users.
  • the personal security policies have the security information including a list of S/W used for the personal security policies, registration information of the S/W, and information on the management servers (which manage the S/W).
  • the security server 540 stores and manages new registration information on the S/W in the database and transmits the associated information to the authentication server 530 in response to a request of the authentication server 530.
  • the S/W registered in the security server 540 includes, for example, virus vaccine programs, O/S patch programs, and other security-associated programs.
  • the management servers managing and operating the S/W include, for example, a vaccine server 550, an O/S patch server 552, and other PC security servers 554.
  • a variety of the S/W registered in the security server 540 may be set up in response to requests of a system manager or a system.
  • with reference to FIGS. 6 and 7, the operation of the authentication server performing the authentication process and applying the personal security policies to the users in cooperation with the security server will be described in detail.
  • FIG. 6 is a view showing the operations of the network security system according to the present invention.
  • FIG. 7 is a flowchart of a series of operations of the authentication server in the network security system according to the present invention. As shown in FIG.
  • the authentication server receives the basic authentication information from one of the user terminals 500, 502, 506, and 508 (Step 700).
  • the authentication server determines whether or not the user is a registered one based on the basic authentication information received from the user terminal (Step 710).
  • the authentication server transmits the user's ID among the basic authentication information to the security server, and then, receives the personal security policies corresponding to the user's ID from the security server and the security information according to the personal security policies (Step 730).
  • the personal security policies are security policies applied to the users.
  • the security information includes the list of specific S/W set up to the user and the registration information on the S/W.
  • the authentication server 530 receives the personal security policies and the security information from the security server 540 and transfers the security information to the user terminals (Step 740).
  • the user terminal receiving the security information from the authentication server 530 reads out information on the S/W registered in the security information and determines whether or not the read-out S/W is installed in the user terminal. If the read-out S/W is installed in the user terminal, the user terminal checks the registration information on the specific S/W thereof. Next, the user terminal compares the security information received from the authentication server with the registration information on the S/W of the user terminal and transmits comparison result information to the authentication server.
  • the authentication server receives the comparison result information from the user terminal (Step 750).
  • the authentication server reads out the comparison result information (Step 760). If the security information matches with the registration information of the S/W of the user terminal as the comparison result, the user terminal (corresponding to the registered user 502 or 504 of FIG. 5) is allowed to access the network (Step 780), and the process ends. If the security information does not match with the registration information of the S/W of the user terminal as the comparison result, the VLAN ID of the user terminal (corresponding to the registered user 506 of FIG. 5) is set to the same value as the VLAN ID of the S/W management server, and the URL of the S/W management server is transmitted to the user terminal (Step 770).
  • the authentication server sets the VLAN ID of the user terminal to the same value as the VLAN ID of the specific S/W management server and allocates the corresponding IP to the user terminal. Therefore, the user terminal is allowed to access only the specific S/W management server and is denied access to other networks.
  • the user terminal receiving the URL of the specific S/W management server accesses the specific S/W management server and downloads the specific S/W to install the S/W in the user terminal or to update the S/W to a new version.
  • the user terminal compares the security information received from the authentication server with the registration information of the S/W and transmits comparison result information to the authentication server.
  • the authentication server reads out the comparison result information received from the user terminal.
  • FIG. 8 is a flowchart of a series of operations of a terminal program installed in a user terminal in a network security system according to a preferred embodiment of the present invention.
  • basic authentication information input by a user is transmitted to an authentication server (Step 800).
  • the user terminal receives an authentication success message and specific security information from the authentication server (Step 810).
  • the specific security information includes a list of the specific S/W, registration information on the S/W, and information on the version of the S/W.
  • the user terminal reads out the S/W registration information of the user terminal (Step 820).
  • the user terminal compares the specific security information received from the authentication server with the read-out S/W registration information of the user terminal and transmits comparison result information to the authentication server (Step 830). If the user terminal is allowed to access the network by the authentication server, the process ends (Step 840). If the user terminal is not allowed to access the network and if the URL of the management server managing the specific S/W is provided (Step 850), the user terminal accesses the management server to download and install the S/W (Step 860).
  • the user terminal reads out the S/W registration information of the user terminal again to compare the security information with the read-out S/W registration information and transmits comparison result information to the authentication server (Step 830), so that the authentication server allows the user terminal to access the network.
  • the network security system according to the preferred embodiments of the present invention performs authentication for users intending to access the network and checks installation and version of specific software, O/S patch programs, virus vaccine programs, or the like stored in the user terminal to allow the user terminal to access the network.
  • the authentication server denies the user terminal access to the network in cooperation with the security server.
  • after the specific software is installed or updated, the authentication server allows the user terminal to access the network.
  • various programs such as virus vaccine programs, O/S patch programs, and other PC security associated programs can be used for the specific software.
  • the virus vaccine program can be updated at the same time of performing the authentication, so that it is possible to preserve security of the network as well as the user terminal such as PC.
  • a module having a function of the aforementioned security server may be built in the authentication server, so that the security and authentication servers can be integrated.
  • the user terminal may transmit S/W processing result information as well as the comparison result information of comparing the security information with the S/W registration information of the user terminal.
  • the authentication server may analyze the information received from the user terminal to determine whether or not to allow the user terminal to access the network.
  • the virus vaccine program is set up as the S/W. If the S/W processing result information of the user terminal indicates that the terminal is infected with a virus, the authentication server does not allow the user terminal to access the network. At the same time, the authentication server allocates a secure network path to the user terminal, so that the user terminal can access the vaccine management server to treat virus-infected programs.
  • a network security system can be used to enhance network security by denying network access to a virus-infected terminal or a terminal in which the specific S/W is not installed.
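
The admission decision of Steps 700 to 780 and the terminal loop of Steps 800 to 860, as an added example that is not code from the patent. The user records, S/W names, versions, VLAN IDs and URLs are constructed sample values; denying a registered user who has no policy record, treating a missing comparison result as a mismatch, and remediating one S/W at a time are assumptions of this sketch.

```python
"""Added sketch: posture-gated admission as described in Steps 700-780 / 800-860."""
from __future__ import annotations
import hmac
from dataclasses import dataclass, field

PRODUCTION_VLAN = 10                      # constructed value: VLAN for admitted terminals
USERS = {"alice": "pw-a", "bob": "pw-b"}  # constructed authentication-server user DB

@dataclass(frozen=True)
class Requirement:
    name: str        # specific S/W required by the personal security policy
    version: str     # registration information (required version)
    mgmt_vlan: int   # VLAN ID of the management server for this S/W
    mgmt_url: str    # URL of that management server

# Constructed security-server DB: user ID -> security information of the policy.
SECURITY_SERVER = {
    "alice": [Requirement("vaccine", "7.2", 201, "https://vaccine.example/update"),
              Requirement("os-patch", "2005-03", 202, "https://patch.example/update")],
}

@dataclass
class Decision:
    authenticated: bool
    vlan: int | None                      # None means no network access at all
    remediation_urls: list[str] = field(default_factory=list)

def authenticate(user_id: str, password: str) -> bool:
    """Step 710: is this a registered user with the right credential?"""
    stored = USERS.get(user_id)
    return stored is not None and hmac.compare_digest(stored, password)

def terminal_compare(installed: dict, security_info: list) -> dict:
    """Steps 820-830: terminal compares its S/W registration info per required S/W."""
    return {r.name: installed.get(r.name) == r.version for r in security_info}

def decide(security_info: list, result: dict) -> Decision:
    """Steps 760-780: admit on a full match, otherwise quarantine for remediation."""
    # Assumption: a requirement with no reported result counts as a mismatch.
    failed = [r for r in security_info if result.get(r.name) is not True]
    if not failed:
        return Decision(True, PRODUCTION_VLAN)
    first = failed[0]                     # assumption: remediate one S/W at a time
    return Decision(True, first.mgmt_vlan, [first.mgmt_url])   # Step 770

def admit(user_id: str, password: str, installed: dict) -> Decision:
    if not authenticate(user_id, password):          # Steps 700-710
        return Decision(False, None)
    security_info = SECURITY_SERVER.get(user_id)     # Step 730
    if security_info is None:                        # assumption: fail closed
        return Decision(True, None)
    result = terminal_compare(installed, security_info)   # Steps 740-750
    return decide(security_info, result)

def remediate_until_admitted(user_id, password, installed, max_rounds=5) -> list:
    """FIG. 8 loop: install from the offered server, re-compare, report again."""
    installed = dict(installed)
    vlans = []
    for _ in range(max_rounds):
        decision = admit(user_id, password, installed)
        vlans.append(decision.vlan)
        if decision.vlan in (None, PRODUCTION_VLAN):
            break
        # Simulated Step 860: the management server supplies the required version.
        for req in SECURITY_SERVER[user_id]:
            if req.mgmt_url in decision.remediation_urls:
                installed[req.name] = req.version
    return vlans
```

The comparison result in this flow is produced on the terminal, so `decide` only checks what was reported; the sketch places a terminal in a management-server VLAN whenever any required entry is absent or not a match.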

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a network security system that performs an authentication process on users accessing a network, and to an associated network security method. The network security system comprises: a security server designed to store and manage personal security policies applied to registered users and security information relating to those personal security policies; a terminal designed to transmit basic authentication information entered by a user to request authentication; and an authentication server that performs the authentication process on the user based on the basic authentication information received from the terminal and receives the personal security policies applied to the user, together with the associated security information, from the security server. In this system, when authentication is granted to the user, the authentication server determines whether or not to allow the terminal to access the network based on the personal security policies and the security information transmitted by the security server. Consequently, the server determines whether or not to allow the user terminal to access the network based on an installation status of the specific software in the security information applied to the user, in conjunction with performing the authentication process on the user accessing the network, so that optimal network security can be implemented.
PCT/KR2005/000857 2004-03-24 2005-03-24 Network security system operated in conjunction with an authentication server, and associated method WO2006001590A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20040020027 2004-03-24
KR10-2004-0020027 2004-03-24
KR10-2005-0024389 2005-03-24
KR1020050024389A KR100714367B1 (ko) 2004-03-24 2005-03-24 Network security system interworking with an authentication server and method thereof

Publications (1)

Publication Number Publication Date
WO2006001590A1 (fr) 2006-01-05

Family

ID=35781975

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2005/000857 WO2006001590A1 (fr) 2004-03-24 2005-03-24 Network security system operated in conjunction with an authentication server, and associated method

Country Status (1)

Country Link
WO (1) WO2006001590A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5864683A (en) * 1994-10-12 1999-01-26 Secure Computing Corporation System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US6662228B1 (en) * 2000-02-01 2003-12-09 Sun Microsystems, Inc. Internet server authentication client
US6678733B1 (en) * 1999-10-26 2004-01-13 At Home Corporation Method and system for authorizing and authenticating users

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015090089A1 (fr) * 2013-12-18 2015-06-25 烽火通信科技股份有限公司 Authentication and authorization system and method for communication network management
WO2020052416A1 (fr) * 2018-09-15 2020-03-19 华为技术有限公司 Security protection system, device, and method
CN110912854A (zh) * 2018-09-15 2020-03-24 华为技术有限公司 Security protection method, device, and system
CN110912854B (zh) * 2018-09-15 2021-03-23 华为技术有限公司 Security protection method, device, and system
US11647391B2 (en) 2018-09-15 2023-05-09 Huawei Technologies Co., Ltd. Security protection method, device, and system

Similar Documents

Publication Publication Date Title
US10764264B2 (en) Technique for authenticating network users
US7526792B2 (en) Integration of policy compliance enforcement and device authentication
US8555348B2 (en) Hierarchical trust based posture reporting and policy enforcement
KR101047641B1 (ko) Security and privacy enhancements for security devices
US8868907B2 (en) Device, method, and system for processing communications for secure operation of industrial control system field devices
EP2321928B1 (fr) Authentication in a network using a client health enforcement framework
US8407240B2 (en) Autonomic self-healing network
US8826378B2 (en) Techniques for authenticated posture reporting and associated enforcement of network access
EP2352323A1 (fr) Method and system for controlling context-based wireless access to secured network resources
KR100714367B1 (ko) Network security system interworking with an authentication server and method thereof
US20040153665A1 (en) Wireless network control and protection system
JP2008500632A (ja) Network system and method for providing an ad hoc access environment
EP1532766A2 (fr) Automated network security system and method
EP3876497A1 (fr) Updated compliance evaluation of endpoints
JP2022519433A (ja) Zero-trust wireless monitoring system and method for behavior-based monitoring of radio frequency environments
WO2006001647A1 (fr) Integrated network management system
EP1829323A1 (fr) Method and system for network intrusion prevention
KR20060044494A (ko) Network management system and network management server interworking with an authentication server
KR100819942B1 (ko) Method for quarantine and policy-based access control of wired and wireless networks
WO2006001590A1 (fr) Network security system operated in conjunction with an authentication server, and associated method
JP5321256B2 (ja) Quarantine network system, access management device, access management method, and access management program
WO2006001587A1 (fr) Network management system and network management server cooperating with an authentication server
US9239915B2 (en) Synchronizing between host and management co-processor for network access control
KR101175667B1 (ko) Method for managing network access of a user terminal using a firewall
KR101207320B1 (ko) Network system and method for applying a security policy using the same

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: COMMUNICATION PURSUANT TO RULE 69 (1) EPC ( EPO FORM DATED 06.12.06)

122 Ep: pct application non-entry in european phase