Methodology for implementing WLAN access control using a NAC (Network Access Control) solution in the physical infrastructure of the Ministry of the Interior
| dc.contributor.advisor | Hernandez, Henry Alberto | |
| dc.contributor.author | Varon Quiñones, Luis Fabricio | |
| dc.contributor.author | Mayorga Wilches, Cristian Alexander | |
| dc.date.accessioned | 2025-10-30T14:44:17Z | |
| dc.date.available | 2025-10-30T14:44:17Z | |
| dc.date.created | 2025-10-06 | |
| dc.description | The purpose of this document is the design and development of a structured methodology comprising seven phases for the implementation of a Network Access Control (NAC) system on the wireless network infrastructure of the Colombian Ministry of the Interior. The proposed solution is aimed at significantly improving security levels in WLANs (Wireless Local Area Networks) through centralized management of the devices that access the institutional network, applying authentication, authorization, and continuous monitoring policies. To this end, recognized standards such as IEEE 802.1X, the RADIUS (Remote Authentication Dial-In User Service) protocol, and integration with Active Directory are used, which makes it possible to validate the identity of devices and users before granting them access to network resources. The initiative arises in response to the growing need to strengthen security in corporate and institutional environments where the simultaneous connection of multiple devices is common, including personal equipment of staff, contractors, and visitors (the BYOD, Bring Your Own Device, model). In the specific case of the Ministry of the Interior, a high turnover of connections without verification of compliance with security policies was identified, which represents a risk to the confidentiality, integrity, and availability of institutional services and data. The methodology developed ranges from the initial diagnosis of the network and the evaluation of available NAC technologies to the technical implementation, user training, and post-deployment evaluation through surveys and interviews. 
This methodological structure seeks not only to resolve the problems identified in the entity, but also to serve as a replicable model for other public or private institutions facing similar challenges in controlling access to their wireless networks. It should be noted that the project had a total investment of $319,041,000, allocated to the acquisition of licenses and specialized services. The results obtained lead to the conclusion that implementing a NAC system under a clear and sequential methodology contributes to greater visibility of connected devices, to the reduction of unauthorized access, and to the strengthening of institutional cybersecurity capabilities. | |
| dc.description.abstract | The purpose of this document is to design and develop a structured methodology comprised of seven phases for the implementation of a Network Access Control (NAC) system on the wireless network infrastructure of the Colombian Ministry of the Interior. The proposed solution aims to significantly improve security levels in WLANs (Wireless Local Area Networks) through centralized management of devices accessing the institutional network, applying authentication, authorization, and continuous monitoring policies. To achieve this, recognized standards such as IEEE 802.1X, the RADIUS (Remote Authentication Dial-In User Service) protocol, and integration with Active Directory are used, allowing the identity of devices and users to be validated before granting them access to network resources. The initiative arises in response to the growing need to strengthen security in corporate and institutional environments where the simultaneous connection of multiple devices is common, including personal devices of employees, contractors, and visitors (BYOD, Bring Your Own Device model). In the specific case of the Ministry of the Interior, a high turnover of connections was identified without verification of compliance with security policies, which represents a risk to the confidentiality, integrity, and availability of institutional services and data. The methodology developed ranges from the initial network diagnosis and evaluation of available NAC technologies to technical implementation, user training, and post-deployment evaluation through surveys and interviews. This methodological framework seeks not only to resolve the problems identified in the entity, but also to serve as a replicable model for other public or private institutions facing similar challenges in access control to their wireless networks. It is worth noting that the project had a total investment of $319,041,000, allocated to the acquisition of licenses and specialized services. 
The results obtained allow us to conclude that the implementation of a NAC system using a clear and sequential methodology contributes to greater visibility of connected devices, the reduction of unauthorized access, and the strengthening of institutional cybersecurity capacities. | |
| dc.identifier.uri | http://hdl.handle.net/11349/99597 | |
| dc.language.iso | spa | |
| dc.publisher | Universidad Distrital Francisco José de Caldas | |
| dc.rights.acceso | Restricted (Reference Only) | |
| dc.rights.accessrights | RestrictedAccess | |
| dc.subject | Network access control | |
| dc.subject | Wireless network security | |
| dc.subject | IEEE 802.1X | |
| dc.subject | RADIUS | |
| dc.subject | Active Directory | |
| dc.subject | BYOD | |
| dc.subject.keyword | Network access control | |
| dc.subject.keyword | Wireless network security | |
| dc.subject.keyword | IEEE 802.1X | |
| dc.subject.keyword | RADIUS | |
| dc.subject.keyword | Active Directory | |
| dc.subject.keyword | BYOD | |
| dc.subject.lemb | Telecommunications Engineering -- Academic theses and dissertations | |
| dc.title | Metodología para la implementación de un control de acceso a la red WLAN utilizando una solución de NAC (Network Access Control) en la infraestructura física del Ministerio del Interior | |
| dc.title.titleenglish | Methodology for implementing WLAN access control using a NAC (Network Access Control) solution in the physical infrastructure of the Ministry of the Interior | |
| dc.type | bachelorThesis | |
| dc.type.coar | http://purl.org/coar/resource_type/c_7a1f | |
| dc.type.degree | Monograph | |
| dc.type.driver | info:eu-repo/semantics/bachelorThesis |
