
Implementation of Triple Authentication Technology Based on Port Security

Published: 2019-05-10 13:31
[Abstract]: Computer network security technology is an important condition for the green and healthy development of networks. Access devices such as switches are the bridge between users and the network, and securing them is the most direct way to protect both the network and its users. Users who pass the access device's security checks are allowed to use network resources; those who do not receive restricted service. Hackers and other malicious actors therefore usually attack through security vulnerabilities in the ports of access devices, leaking users' personal information or stealing users' traffic and fees, so ensuring port security is especially important. Traditional switches cannot support MAC address authentication, 802.1x authentication and web authentication at the same time. Triple authentication integrates the three authentication technologies and uses the user's MAC address as the unique identifier for user identity authentication and information management. With the port in security policy mode, the technology uses packets to control which authentication function is triggered and processes the user's request to access the network. It can both verify user information and monitor network traffic in real time, ensuring two-way security.

This thesis first introduces basic authentication theory and, on that basis, analyzes the user requirements of triple authentication in terms of function and performance. It then proposes a framework for triple authentication and describes in detail the protocols, theory and trigger process of the three authentication technologies. Next, starting from the requirements of triple authentication, it designs and implements the basic authentication protocol framework and the authentication protocol flow. In port-based policy mode, the switch's network operating system implements, in C/C++, the packet exchange between the user and the local and remote servers, and thereby implements user authentication, authorization and accounting. This ensures two-way security for the user and the network and also implements a priority policy among the three authentication methods, so that users can choose an authentication method according to their own needs. Finally, a test platform is built to test the system, and the tests verify that its function and performance meet the needs of practical application.
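[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08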

Article ID: 2473687



Link to this article: https://www.wllwen.com/guanlilunwen/ydhl/2473687.html

