The Research Of Network Information Security Management Based On Campus Network

With the booming development of Internet, CERNET (China Education and Research Network) passed her childhood, growing up gradually. Now she is stepping to her mature age, and combined research, management and application functions with her. Because a lot of management functions and applications are gradually expanding in campus network, the number of non-professional users are also rapidly growth, the after-effects phenomena caused by the errors in the use more and more obvious, so that the campus network security management is particularly prominent.The campus network applications and services are various. Users access the different application services to log in the application system frequently, only the user enters the correct user name and password to the authentication system, they can be granted the permission to access the application services. Which not only bring inconvenience to users, but also bring inconvenience to the campus network security management. Because of the different applications have their own security measures, which enable administrators to manage permissions greatly increased complexity.In order to realize of security certification, the security problems are analyzed in this thesis on the campus network security authentication system, a set of identity authentication system is designed, which can be integrated well with the application server. Under the security premise, the user access with the intelligent card, only need to identify the fingerprint of user when they access the system firstly, and get the ticket. In the validity of ticket, user can access all application services without further authentication in the campus network. The other processes of all application services are transparent to users. In the design of authentication system, the protocol process of authentication system is described. In accordance with the protocol process, the function modules are divided and analyzed. In the authentication system, in order to solve the transparent problem on the user accessing, we introduce the client proxy and server proxy to achieve. As the same time, we use the PKI public key cryptosystem to achieve the transmission of user's encrypted information.In order to the authentication management, an access control system based on RBAC(Role-Based Access Control ) is actualized under the campus network environment, the overall structure and key technology is designed, and makes much further research for an extended access control model– ERBAC(Extended Role-Based Access Control), which enables the RBAC model more perfect.