[1]成庚.FC端口安全原理及实现[J].计算机技术与发展,2015,25(12):1288-132.
 CHENG Geng. Principle of Fibre Channel Port-security and Its Implementation[J].,2015,25(12):1288-132.
点击复制

FC端口安全原理及实现()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
25
期数:
2015年12期
页码:
1288-132
栏目:
安全与防范
出版日期:
2015-12-10

文章信息/Info

Title:
 Principle of Fibre Channel Port-security and Its Implementation
文章编号:
1673-629X(2015)12-0128-05
作者:
 成庚
 南京邮电大学
Author(s):
 CHENG Geng
关键词:
 光纤通道FCoEFCF安全策略自动测试框架
Keywords:
 FCFCoE FCF security policy ATF
分类号:
TP309
文献标志码:
A
摘要:
 如今,FC( Fibre Channel,光纤通道)作为SAN( Storage Area Networks,存储区域网络)的一项连接技术取得了很大成功. 而FC端口安全原理提供基于端口级别的安全控制,可以防止未授权的设备登录到交换机,保证FC SAN的安全. 文中在比较FC和FCoE技术以及分析节点设备登录FCF( FCoE Forwarder)交换机过程的基础上,针对FC端口的安全功能需求给出实现端口安全的安全策略模块化设计. 通过在FCF交换机的不同端口上配置不同的安全策略,从而使得被该安全策略授权的设备登录FCF交换机进而接入FC SAN,而未经该安全策略授权的设备无法登录到FCF交换机,达到保障网络安全的目的. 最后利用ATF( automation Test Framework)技术进行FC端口安全策略的功能验证. 结果表明,通过在FC端口上配置安全策略可以达到保障网络安全的目的,实现了FC端口安全功能.
Abstract:
 Nowadays,FC has achieved great success as a technology in the SAN. The FC port-security principle provides secure control based on ports,which may turn them down when unauthorized devices require to login FCF and guarantee the security of the FC SAN. Based on the comparison of FC and FCoE,as well as the analysis of the process of ENode logining the FCF,security policies were de-signed modularly to implement port-security for FC ports security requirements. By configuring different security policies on differemt ports of FCF,authorized devices can login in the FCF while unauthorized devices can’t,which guarantees the security of the FC SAN. Fi-nally the ATF technology was also used to test whether the expected function of the FC port-security policies had been implemented. The test results show that the function of guaranteeing the security of FCF ports and FC SAN is implemented by configuring security policies on FCF ports.

相似文献/References:

[1]王红春.基于FC的航电数字视频传输技术研究[J].计算机技术与发展,2010,(05):250.
 WANG Hong-chun.Research on Digital Video Transfer Technique of Fibre Channel in Avionics Environment[J].,2010,(12):250.
[2]蔡叶芳 田泽 杨海波 李攀 赵强 黎小玉.基于SOPC的FC-2层协议设计与实现[J].计算机技术与发展,2009,(08):224.
 CAI Ye-fang,TIAN Ze,YANG Hai-bo,et al.Design and Implementation of FC - 2 Level Protocol Based on SOPC[J].,2009,(12):224.
[3]杨海波 田泽 蔡叶芳 李攀 黎小玉 赵强.FC IP软核的仿真与验证[J].计算机技术与发展,2009,(09):168.
 YANG Flai-bo,TIAN Ze,CAI Ye-fang,et al.Function Simulation and FPGA Verification for FC IP Core[J].,2009,(12):168.
[4]黎小玉 田泽 王泉 蔡叶芳 李攀 杨海波.基于SoC_FC芯片的电源管理系统设计与实现[J].计算机技术与发展,2010,(08):247.
 LI Xiao-yu,TIAN Ze,WANG Quan,et al.Design and Implementation of Power Management System Based on SoC_FC[J].,2010,(12):247.
[5]马城城,田泽,黎小玉.FC-AE-ASM网络通信鲁棒性测试设计与实现[J].计算机技术与发展,2013,(03):208.
 MA Cheng-cheng,TIAN Ze,LI Xiao-yu.Design and Implementation of Communication Robustness Test on FC-AE-ASM Network[J].,2013,(12):208.
[6]李攀,田泽,蔡叶芳,等.基于FPGA的双通道FC数据采集卡设计[J].计算机技术与发展,2013,(07):179.
 LI Pan,TIAN Ze,CAI Ye-fang,et al.Dual-channel FC Data Acquisition Board Design Based on FPGA[J].,2013,(12):179.
[7]杨海波,田泽,蔡叶芳,等.基于FPGA的多功能FC协议分析仪设计[J].计算机技术与发展,2013,(07):214.
 YANG Hai-bo,TIAN Ze,CAI Ye-fang,et al.Design of Multi-functional FC Protocol Analyzer Based on FPGA[J].,2013,(12):214.
[8]黎小玉,田泽,刘娟,等.FC协议分析仪软件设计与实现[J].计算机技术与发展,2013,(08):31.
 LI Xiao-yu,TIAN Ze,LIU Juan,et al.Design and Implementation of FC Protocol Analyzer Software[J].,2013,(12):31.
[9]黎小玉,田泽,刘娟,等.FC数据采集记录器软件设计与实现[J].计算机技术与发展,2014,24(03):19.
 LI Xiao-yu,TIAN Ze,LIU Juan,et al.Design and Implementation of High-speed FC Data Acquisition Recorder Software[J].,2014,24(12):19.
[10]霍卫涛,田泽,李攀,等.基于FPGA的光纤通道网络监控卡设计与实现[J].计算机技术与发展,2014,24(05):199.
 HUO Wei-tao,TIAN Ze,LI Pan,et al.Design and Implementation of Fibre Channel Network Monitoring Card Based on FPGA[J].,2014,24(12):199.
[11]邓轲,田泽,郭亮,等. 机载光纤通道采集记录仪的设计及实现[J].计算机技术与发展,2015,25(04):162.
 DENG Ke,TIAN Ze,GUO Liang,et al. Design and Implementation of FC Acquisition & Recorder[J].,2015,25(12):162.

更新日期/Last Update: 2016-01-29