Design And Implementation Of Security System In Enterprise IT Infrustructure Based On Unified Identity Authentication

With the trends of economic and Information Technology, the business of corporation is more relies on the level of its IT infrastructure especially for those whose branch offices are all around the nation or world. It is therefore essential for the corporation assuring the security and stability of the IT infrastructure.In the project the author proposes an entire solution IT security structure for the corporate of China Netcom Corp., which is based on the knowledge learned from BUPT and the experience of providing the relative solution to the corporations. From the project, I got some conclusion as below: The challenge comes from different sides. The corporation has to use a set of tools to protect herself and it will be better if the tools can work together efficiently. Only the people, the employee of the corporation, would run all the tools together. So it is a good idea to set a system to cover all the employee accounts and manage the identification. It would help to leverage all kinds of IT resources, save cost and bring more benefit.In the project, my major works are:1, finding typical sample province, researching the DCN network problem and the requirement of security, getting the detail requirement from network, servers and terminals and finally providing the research report.2, designing the architecture of Unified Identity Management System, comparing the current popular technical and products and choosing Microsoft AD as the basic platform3, planning the functionality of the Unified Identity Management System from the perspective of information storage, information synchronization, network identifying, authentication method, redundancy and disaster recovery.4, based on the Unified Identity Management System, designing in detail and deploying the subsystems of terminal access quarantine, terminal update, terminal Internet access control, IPS/IDS and host running monitor.5, functional designing, detailed designing and programming for the terminal access quarantine subsystem.6, working as project manager and technical leader, rolling out the system for the nationwide offices.As the progress of Information Technology and the business development of big corporation, the requirements will be boomed to setup entire security protecting system. This thesis can benefit them and may be applied to more corporations.