Research And Implementation Of Enterprise Resource Security System

With the development of information technology, network is playing an increasingly important role for enterprises. Although the network improve the information management and work efficiency, it also threatens the security of enterprise information. The traditional perimeter-centric passive defense has could not trackle the security threats from inside of enterprise network. Base P2DR and information grid, this paper proposes a resource -centric security model called RCS. In this model, all the software, hardware, service and files are considered as a kind of resource which can be located by a data structure similar with metadata from information data grid. So you can make the uniform policy and manage all the resource through this structure. Comparing with adding technologies simply, this model integrates a variety of security technology as a whole so that every module can cooperate well. You can only add the new policy when a new kind of technology is imported. RCS has very good flexibility and extensibility.Based the RCS model, this paper designed a solution called ERMS(Enterprise resource security management). The system integrates file system filter driver and NDIS holding up technology to control the data storage and transmission, and it takes special USB Key and CA centre in PKI standard as the authentication mechanism. It manages all the equipments by the centralized management and certification by a server . It also records exceptions and abnormal behaviors of every user to watch the whole LAN.The experiments prove that the system can provide reliable user authentication mechanism and file management including file encryption and file access control .It can also stop the data leaking by mobile devices and illegal access devices. By capturing and monitoring all network packets, this system achieves the validity and security of information transmission. The system has stable performance, high efficiency and easy management, which is suitable for middle and small scale network of enterprise.