Research on an Access Control System for the Campus Network
Published: 2018-04-02 23:13
Thesis topic: network security. Focus: access control. Source: Shanghai Jiao Tong University, 2014 master's thesis
[Abstract]: In today's information society, the network has become an indispensable part of people's daily lives. The campus network, as a main component of China's education informatization and an important piece of school infrastructure, plays a pivotal role in daily teaching, administration, research activities and external exchange. However, as applications deepen and the scale of campus networks expands sharply, keeping a campus network running normally, stably and securely faces increasingly severe challenges, and campus network security has become the primary issue that cannot be ignored in current campus network construction. In the Internet era, campus networks have become a disaster area for network security. Although a great deal of manpower, material and financial resources has been invested in security systems such as identity authentication, firewalls and intrusion detection, each of these systems targets a specific security domain, and there is no flexibly configurable, integrated security architecture; when the security situation changes, security policy cannot be adjusted in time to meet the new challenges. A configurable, rule-based, pre-admission access control system is therefore indispensable. To address these problems, this thesis proposes a computer network security solution that integrates with network authentication products and checks the security state of a computer system at the moment it connects to the network. The scheme allows security check rules to be configured flexibly according to actual needs, judges the security state of a computer system against the defined rules, and, for low-security systems that do not meet the requirements, restricts their network access scope or isolates them and guides them to update their security state, thereby ensuring that systems admitted to the network have a certain security level and minimizing the security risks the network may face. The thesis first starts from the current situation and characteristics of campus networks, analyzes the security problems they face and the causes of those problems, and summarizes the security requirements of campus networks, from which it derives the design goals of the security-check access control system: prevent unauthorized users from accessing internal network resources, establish flexible security policies to reduce the impact of security threats on the campus network, and strengthen internal network monitoring and control. From these goals it distills the three basic features the system must have, namely user identity authentication, terminal security state checking and network access control, and introduces the technical foundation for implementing the system: network admission control (NAC) technology. The core design idea is to perform identity authentication and security state checks on devices requesting access to the campus network: devices that satisfy the network's security requirements are admitted and may access network resources, while devices that do not are isolated and guided to remediate their own security state, so that admitted devices remain secure and controllable. Secondly, based on the campus network's security requirements and the system's design goals, the thesis performs a requirements analysis of system functions, divides the system into four functional modules (identity authentication, security state checking, network access control and security policy management) and, using the Unified Modeling Language (UML), models the functional requirements from multiple dimensions with flow charts, use-case modeling, class diagrams and sequence diagrams. Then, on the basis of the functional requirements model, the system framework is designed; to achieve good compatibility, extensibility and flexibility in different network environments, the system adopts a framework that separates basic control components from functional components. Finally, functional testing and a brief account of the system's effect in practical use verify that applying the security-check access control system in a campus network can effectively improve the security of the entire network while requiring only minor changes to the existing network.
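As an added sketch (not code from the thesis), the following Python shows the decision flow the abstract describes: identity check first, then the endpoint's reported security state is judged against a configurable rule set, and the outcome is full access, restricted access, or isolation with remediation guidance. The rule names, weights and the 0.6 threshold are constructed assumptions.

```python
"""Added sketch of the abstract's scheme: authenticate, check security state
against configurable rules, then allow / restrict / quarantine with guidance.
Rule names, weights and thresholds are constructed examples, not the thesis's."""
from dataclasses import dataclass, field

# Constructed rule table: a failed "critical" rule forces quarantine outright.
RULES = [
    {"name": "av_enabled", "critical": True, "weight": 3,
     "check": lambda p: p.get("antivirus_enabled") is True,
     "fix": "enable the antivirus agent"},
    {"name": "av_fresh", "critical": False, "weight": 2,
     "check": lambda p: p.get("av_signature_age_days", 999) <= 7,
     "fix": "update antivirus signatures"},
    {"name": "patched", "critical": False, "weight": 2,
     "check": lambda p: p.get("missing_critical_patches", 99) == 0,
     "fix": "install pending critical OS patches"},
    {"name": "host_firewall", "critical": False, "weight": 1,
     "check": lambda p: p.get("host_firewall_enabled") is True,
     "fix": "turn on the host firewall"},
]
RESTRICTED_MIN = 0.6  # below this share of total rule weight: isolate the device

@dataclass
class Decision:
    action: str        # "deny", "allow", "restrict" or "quarantine"
    score: float       # share of rule weight satisfied, 0..1
    failed: list = field(default_factory=list)    # names of failed rules
    guidance: list = field(default_factory=list)  # remediation hints for the user

def evaluate(posture: dict, rules=RULES) -> Decision:
    # Judge a reported security state against the rule table.
    total = sum(r["weight"] for r in rules)
    earned, failed, guidance, critical_failed = 0, [], [], False
    for r in rules:
        if r["check"](posture):
            earned += r["weight"]
        else:
            failed.append(r["name"]); guidance.append(r["fix"])
            critical_failed = critical_failed or r["critical"]
    score = earned / total
    if critical_failed or score < RESTRICTED_MIN:
        action = "quarantine"   # isolated segment, remediation resources only
    elif failed:
        action = "restrict"     # limited access scope until the gaps are fixed
    else:
        action = "allow"        # full campus network access
    return Decision(action, score, failed, guidance)

def admit(authenticated: bool, posture: dict) -> Decision:
    # Identity check comes first; unauthenticated devices never reach the posture check.
    if not authenticated:
        return Decision("deny", 0.0, guidance=["authenticate with campus credentials"])
    return evaluate(posture)
```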
[Degree-granting institution]: Shanghai Jiao Tong University
[Degree level]: Master's
[Year awarded]: 2014
[Classification number]: TP393.18; TP393.08
Article ID: 1702534
Link: https://www.wllwen.com/guanlilunwen/ydhl/1702534.html