Design and implementation of an authentication and security-policy system based on an AAA server, using the IEEE 802.1x standard and the RADIUS and TACACS+ protocols, for the corporate network of the company Proyectos Integrales de Ecuador PIL S.A.

Main Author: Valdivieso Villamarín, Ángel Andrés
Format: bachelorThesis
Language: spa
Published: 2015
Subjects:
Online Access: http://dspace.ups.edu.ec/handle/123456789/10192
Summary: Proyectos Integrales del Ecuador PIL S.A., a company that provides services in the industrial and telecommunications sectors, has struggled with its internal communications network because of a lack of scalability and convergence in its network services, as well as high data transmission delays and its security mechanisms, owing to a deteriorating infrastructure centralized in a UTM server that provides network services and security for users. Secure access was handled directly by Active Directory, with a port architecture extended to the user. In addition, static VLANs were assigned on certain ports and internet access was provided through another application, so users had to enter their credentials twice to obtain internet service, which created problems for the IT department coordinator in managing security policies. Given the foregoing and an increase in staff within the organization, and with a view to improving availability, performance and security, it was decided to restructure the infrastructure in order to improve the services of the corporate network and so meet the security needs and provide technological benefits for each of its workers. It was decided to replace all existing 3Com equipment with Cisco equipment and to replace secure network access through the UTM (Unified Threat Management) with an AAA (Authentication, Authorization and Audit) security server, in which user authentication over both the wired and the wireless network takes place on Cisco ACS (Access Control Server). This will be linked to Windows Active Directory and will be configured by the IT (Information Technology) department of PIL S.A.
The new system will allow mobility and security for network access at both the LAN (Local Area Network) and WLAN (Wireless Local Area Network) level. A user who wants to access the PIL S.A. network must register with a user account and password; this information is recorded in the current directory, which maintains visibility and control over the access of each user entering the network and automatically assigns permissions and network resources according to the user profile in the specified database. If an unregistered user tries to access the network, the system will block the port on which the anomaly was recorded, protecting the PIL S.A. network from a possible leak of information by persons outside the company and maintaining the reliability and integrity of the system. Different types of users and groups were evaluated to corroborate that they meet the policies designated in Active Directory by PIL S.A. staff. The user must therefore pass through two security levels, the authenticator equipment and the authentication server, for the request to be sent to Active Directory; ACS then assigns the VLAN to which the user is related.