Network security policy for corporate networks

OData support
Supervisor:
Jakab Tivadar
Department of Networked Systems and Services

My thesis is focused on the network security policies, and the solutions that ensure, that the endpoints meet the requirements written in the policies. A corporate network contains a number of complex technological solutions, several different access points, and a large number of endpoints These endpoints can be PCs, laptops, PDAs, new generation mobile phones, printers, etc. A carefully prepared network policy addresses the importance of protecting the endpoints and provides rules to how to achive the desired security. Human errors,thoughtlessness and malicious attacks are still problems to be counted.

The Network Access Control (NAC) solutions provide a solution to this problem. NAC provides control of network access , so the endpoints are validated against the security policy requirements. NAC ensures that the operating system security updates and the anitvirus software’s virus database are up to date. If a client fails the requirements, it is put into quarantine, or the access is denied. Users are put into roles, only allowing access to resources and parts of the network which are necessary for daily work.

In my thesis I introduce the key elements of network security policy, what requirements must be respected by all to achieve a safe operation. Then, in a short chapter I summerize what steps are needed and what security risks pose introducing a new security system. Using the Cisco NAC solution, I show how to enforce the rules in the policy, how the users are identified and the endpoint devices are controlled. I created a network of Cisco instruments and examined several aspects of the system. I studied the different operating modes (In-band, Out-of-band, Virtual Gateway, Real-IP Gateway, Layer 2, Layer 3). I reviewed how it handles the different possibilities of network access. Finally, I tested how Cisco NAC performs on a variety of operating systems and in case of requirements I implemented.

Downloads

Please sign in to download the files of this thesis.