Conventional egress network access control (NAC) at the network layer has two problems. Firstly, wild card "*" is not allowed for a policy. Secondly, we have to run a Web browser for authentication even if we do not use the Web. To solve these problems, this paper proposes a name-level method for egress NAC. Since it evaluates the policy at the DNS server, this method enables a wild card to be used in the policy. Since each DNS query message carries user identification by using Transaction Signature (TSIG), the authentication for any service is performed without Web browsers. The DNS server configures a packet filter dynamically to pass authorized packets. This paper describes the implementation of the DNS server, the packet filter, and the resolver of the method. Experimental results show that the method scales up to 160 clients with a DNS server and a router. © Springer-Verlag Berlin Heidelberg 2005.
CITATION STYLE
Suzuki, S., Shinjo, Y., Hirotsu, T., Kato, K., & Itano, K. (2005). Name-level approach for egress network access control. In Lecture Notes in Computer Science (Vol. 3421, pp. 284–296). Springer Verlag. https://doi.org/10.1007/978-3-540-31957-3_35
Mendeley helps you to discover research relevant for your work.