| The wooden barrel effect makes network security problems complicated and difficult, which can lead to fall of the whole Intranet from one captured point permeated. The safety of Intranet has become an important issue for information security, and it's important to protect Intranet security by access control at present.This thesis analyzes and summarizes the intranet security problems and its root causes, proposes a framework of Terminal-oriented Intranet Security and the Access Control solutions for Intranal Terminal based on Security Policy. The main idea of the framework is:the terminals are centralized authenticate first, then the server uses the defined Policy Transmission Control Protocol to send strategy of the terminal and related code to terminal, the terminal implements the access control of resources based on the strategy and code.This thesis studies the Access control-related theories and key technologies. By expansion of RADIUS protocol, this thesis designs a Policy Transmission Control Protocol. In this protocol, agreements are designed to transfer endpoint security control strategies between servers and clients effectively. This method expands attributes of messages of RADIUS to carry policy and forms pre-transmit, retransmission, message transmission congestion QoS strategy, to ensure the reliability of UDP transmission.This thesis proposes the concept of access control method of user/terminal bound, security state of terminal, mode of access control authorization based on terminal role, the long-distance disposition, etc. A strategy transmission control protocol is designed and it can implement the relevant functional modules. The program and its modules achieve Policy-based network access control terminal thinking, of which two-factor authentication mechanisms, technologies of terminal authorization and Strategy deployment have important practical significances for enriching the means of security control of the network. |
PDF Full Text Request