| Integration of resources within the enterprise's internal network needs the unified account management of the enterprise application systems, the host systems and other resources. The remote desktop access is commonly used by the maintenance personnel to remotely access a host in enterprise networks. However, traditional identity authentication of the remote desktop access based on user account and password has fallen far behind the need of the unified account management and the unified authentication in the enterprise's resource integration. The single sign-on mechanism of the remote desktop access provides a secure, unified, centralized way to access a host's resources within the network. In addition we design the unified security audit module to audit the maintenance personnel's network behaviors.Based on the analysis of the demand for the enterprise resource integration, and studied the remote desktop access protocol (including the RDP, VNC, and X-Window protocol), we design a proxy-based single sign-on and behaviors audit system for the remote desktop access. In order to solve the single sign-on issue of the remote desktop access protocols which are based on C/S structure, our system introduces techniques of proxy-based password filling, middle attacks, authentication mechanism and protocol parsed technology. And in order to achieve the demand of the unified security auditing, our system records all the session data in the log files based on the proxy, and implements the different playback modules respectively depending on the different remote desktop protocols. The system does not use the RDP client as the single client, so no conversion of different protocols is need, which can effectively ensure the characteristics and communication performance of the original protocol. In this paper, we design the system in detail, and implement the function of each module, then show the test results of running the system. |
PDF Full Text Request