»ùÓÚ·Ö²¼Ê½Áª¶¯¼¼ÊõµÄÍøÂ簲ȫ²ßÂÔÑо¿

·¢²¼Ê±¼ä£º2018-02-12 08:11

  ±¾ÎĹؼü´Ê£º ÍøÂ簲ȫ ·Ö²¼Ê½Áª¶¯¼¼Êõ É豸ÈÏ֤ЭÒé¡¡³ö´¦£º¡¶ÄϾ©Óʵç´óѧ¡·2014Äê˶ʿÂÛÎÄ¡¡ÂÛÎÄÀàÐÍ£ºÑ§Î»ÂÛÎÄ

¡¾ÕªÒª¡¿£ºÄ¿Ç°ÆóÒµÍøÂç´ó¶à²ÉÓ÷ֲãµÄ×éÍøÉè¼Æ£¬¶øÉ豸³§É̵ķÀ¹¥»÷Êֶδó¶à½øÐе¥»ú²¿Êð£¬È±ÉÙÉ豸ÓëÉ豸֮¼äµÄÓÐЧÈÏÖ¤£¬ÒÔ¼°°²È«²ßÂÔµÄÁª¶¯»úÖÆ£¬²»ÄÜÓÐЧʶ±ð¿ÉÄÜ·¢ÉúµÄ¹¥»÷ÐÐΪ½ø¶ø¶ÔÆä½øÐÐÓÐЧÀ¹½Ø£¬´Ó¶øÔì³ÉÍøÂç¹¥»÷µÄÀ©É¢£¬ÉõÖÁ»ã¾Û»òºËÐÄÉ豸µÄ̱»¾£¬½ø¶øÔì³ÉÍøÂçÖжϡ¢ÍøÂçÖÊÁ¿Ï½µ¼°ÆäÓ°ÏìÃæ´óµÈÎÊÌâ¡£ ±¾ÎÄÖ÷ÒªÑо¿Í¨¹ý»ùÓÚ·Ö²¼Ê½µÄÉ豸ÈÏÖ¤£¬Ðγɿç²ãÍøÂçµÄÁª¶¯¼ì²â£¬ÊµÏÖ·À¹¥»÷²ßÂԺͼ¼ÊõµÄ·Ö²¼Ê½²¿Êð¡£ÆäÖÐÖصã¶ÔÉ豸ÈÏÖ¤µÄ¼¼ÊõÔ­Àí¡¢°²È«²ßÂÔµÄÁª¶¯¼¼Êõ½øÐзÖÎöºÍ²ûÊö£¬²¢¸ø³öÒ»ÖÖÓÐЧµÄ·ÀÍøÂç¹¥»÷µÄ°²È«Áª¶¯¼¼ÊõµÄ²¿Êð·½°¸¡£ ±¾ÎĵÄÖ÷ÒªÑо¿³É¹ûÈçÏ£º £¨1£©Ìá³ö·Ö²¼Ê½Áª¶¯°²È«²ßÂÔ£¬ËüÀ©Õ¹ÁË´«Í³ÒÔÌ«Íø½»»»»úµÄÈí¼þ£¬ÎªCommander/Relay½ÇÉ«Ôö¼Ó¡°ÅäÖÃÄ£¿é¡±¡¢¡°ÈÏ֤ģ¿é¡±¡¢¡°client²ßÂÔ·Ö·¢ºÍ¶¯Ì¬µ÷ÕûÄ£¿é¡±¡¢¡°¶¯Ì¬¼ì²âÄ£¿é¡±£»²¢¶ÔÔ­Óн»»»»úµÄ½Ó¿Ú¹ÜÀíÄ£¿é¡¢AAA/RadiusÄ£¿é¡¢¸æ¾¯¹ÜÀíÄ£¿é½øÐÐÁËÐ޸ġ£ £¨2£©²Î¿¼MACÈÏÖ¤ºÍÃÜÂëÈÏÖ¤Éè¼Æ³öÉ豸°²È«ÈÏÖ¤£¬Ïêϸ½éÉÜÁËClientÓëCommander/RelayÖ®¼äµÄÈÏÖ¤Á÷³Ì£¬£¬Commander¡¢RelayÖ®¼äµÄÈÏÖ¤Á÷³Ì¡£ £¨3£©Éè¼Æ³ö·Ö²¼Ê½Áª¶¯°²È«²ßÂԵķַ¢¡¢¶¯Ì¬µ÷ÕûºÍ¼ì²â»úÖÆ£¬²¢¶ÔÆäÖеı¨ÎĽøÐÐÉÙÁ¿µÄÀ©Õ¹¡£
[Abstract]:At present most of the enterprise network design of network layers, and anti attack equipment manufacturers mostly stand-alone deployment, the lack of effective authentication between equipment and equipment, and the security strategy of the linkage mechanism, aggressive behavior can not effectively identify possible and to carry out effective interception, resulting in the diffusion of network attacks, or even sink the core equipment of paralysis, causing network outages, network quality decrease and the impact of large problems.
This paper mainly studies the device authentication based on distributed detection, form a joint cross layer network, distributed attack prevention strategy and technology deployment. The technical principle and emphasis on equipment certification, linkage technology security strategy is analyzed and explained. The deployment scheme and gives an effective attack against network security interaction technology.
The main research results of this paper are as follows:
(1) this paper proposes a distributed interactive security strategy, which extends the traditional Ethernet switch software, add "configuration module for the Commander/Relay role," the authentication module "," client strategy distribution and dynamic adjustment module "," dynamic detection module; interface management module, and the replacement of the original turn of the AAA/Radius module, alarm management module was modified.
(2) design safety authentication based on MAC authentication and password authentication. The authentication process between Client and Commander/Relay is introduced in detail, and the authentication process between Commander and Relay is introduced.
(3) the distribution of distributed linkage security strategy, dynamic adjustment and detection mechanism, and a small amount of expansion of the message are designed.

¡¾Ñ§Î»ÊÚÓ赥λ¡¿£ºÄϾ©Óʵç´óѧ
¡¾Ñ§Î»¼¶±ð¡¿£ºË¶Ê¿
¡¾Ñ§Î»ÊÚÓèÄê·Ý¡¿£º2014
¡¾·ÖÀàºÅ¡¿£ºTP393.08

¡¾ÏàËÆÎÄÏס¿

Ïà¹ØÆÚ¿¯ÂÛÎÄ Ç°10Ìõ

1 ;ÃÀ¹úר¼ÒÌá³ö¼ÓÇ¿ÍøÂ簲ȫµÄ10Ìõ½¨Òé[J];w­ÍûÐÂÎÅÖÜ¿

±¾ÎıàºÅ£º1505172