METHODS AND SYSTEMS FOR NETWORK SECURITY

Information

  • Patent Application
  • 20230300130
  • Publication Number
    20230300130
  • Date Filed
    March 17, 2022
    2 years ago
  • Date Published
    September 21, 2023
    a year ago
Abstract
Embodiments of a device and method are disclosed. In an embodiment, a method for network security involves determining whether a device connected to a network port of a switch of a network is a native device or a non-native device for the network and in response to determining whether the device is the native device or the non-native device for the network, performing native device authentication or non-native device authentication.
Description
Claims
  • 1. A method for network security, the method comprising: determining whether a device connected to a network port of a switch of a network is a native device or a non-native device for the network; andin response to determining whether the device is the native device or the non-native device for the network, performing native device authentication or non-native device authentication.
  • 2. The method of claim 1, wherein determining whether the device is the native device or the non-native device for the network comprises determining whether the device is the native device or the non-native device for the network based on Link Layer Discovery Protocol (LLDP) information related to the device.
  • 3. The method of claim 1, wherein determining whether the device is the native device or the non-native device for the network comprises determining whether the device is the native device or the non-native device for the network based on Dynamic Host Configuration Protocol (DHCP) information related to the device.
  • 4. The method of claim 1, further comprising prior to native device authentication or non-native device authentication is completed, limiting data traffic through the network port of the switch from the device.
  • 5. The method of claim 1, further comprising before native device authentication or non-native device authentication is completed, only allowing a message containing Link Layer Discovery Protocol (LLDP), Dynamic Host Configuration Protocol (DHCP), or Address Resolution Protocol (ARP) information, a Transport Layer Security (TLS) message within one hop, and an IEEE 802.1X port-based Network Access Control (PNAC) message from the device through the network port of the switch.
  • 6. The method of claim 1, further comprising before native device authentication or non-native device authentication is completed, directing data traffic from the device to a default page.
  • 7. The method of claim 1, wherein in response to determining whether the device is the native device or the non-native device for the network, performing native device authentication or non-native device authentication comprises: performing native device authentication when the device is determined as the native device; andperforming non-native device authentication when the device is determined as the non-native device.
  • 8. The method of claim 7, wherein performing native device authentication when the device is determined as the native device comprises exchanging a plurality of security certificates between the switch and the device.
  • 9. The method of claim 8, further comprising allowing the device to access a plurality of network resources in the network when native device authentication is successfully performed.
  • 10. The method of claim 7, wherein performing non-native device authentication when the device is determined as the non-native device comprises exchanging a plurality of port-based Network Access Control (PNAC) messages between the switch and the device.
  • 11. The method of claim 1, further comprising allowing the device to access only a subset of a plurality of network resources in the network when non-native device authentication is successfully performed.
  • 12. The method of claim 1, wherein the switch comprises an access switch (AS) of the network or a distribution switch (DS) of the network.
  • 13. The method of claim 12, wherein the AS is connected to at least one distribution switch (DS) of the network.
  • 14. The method of claim 1, wherein the device comprises a wireless access point (AP).
  • 15. A method for network security, the method comprising: at a switch of a network, determining whether a device connected to a network port of the switch is a native device or a non-native device for the network; andin response to determining whether the device is the native device or the non-native device for the network, performing native device authentication or non-native device authentication using the switch.
  • 16. The method of claim 15, wherein determining whether the device is the native device or the non-native device for the network using the switch comprises determining whether the device is the native device or the non-native device for the network based on Link Layer Discovery Protocol (LLDP) information or Dynamic Host Configuration Protocol (DHCP) information related to the device that is received at the switch.
  • 17. The method of claim 15, further comprising prior to native device authentication or non-native device authentication is completed, directing data traffic from the device to a default page.
  • 18. The method of claim 15, wherein in response to determining whether the device is the native device or the non-native device for the network, performing native device authentication or non-native device authentication using the switch comprises: performing native device authentication using the switch when the device is determined as the native device; andperforming non-native device authentication using the switch when the device is determined as the non-native device.
  • 19. The method of claim 18, wherein performing native device authentication when the device is determined as the native device using the switch comprises exchanging a plurality of security certificates between the switch and the device, and wherein performing non-native device authentication when the device is determined as the non-native device using the switch comprises exchanging a plurality of port-based Network Access Control (PNAC) messages between the switch and the device.
  • 20. A method for network security, the method comprising: at an access switch (AS) of a network, determining whether a device connected to a network port of the AS is a native device or a non-native device for the network based on Link Layer Discovery Protocol (LLDP) information or Dynamic Host Configuration Protocol (DHCP) information related to the device, wherein the AS is connected to at least one distribution switch (DS) of the network; andin response to determining whether the device is the native device or the non-native device for the network, performing native device authentication by exchanging a plurality of security certificates between the AS and the device or non-native device authentication by exchanging a plurality of port-based Network Access Control (PNAC) messages between the AS and the device.