Research And Design On Strategy Consistency In Multi-Domain Network Security Management System

With the development of network technology, how to more effectively, safety management of large networks become a very important research subject. Policy-based network management technology, different from the traditional network management technology, detach management from enforcement in network management. Policies, defined by network administrators, are explained to network command automatically by each device, all described above make network security management more intellectualized.In large-scale network environment, single model of network security management system can't satisfy demand. Through the introduction of the concept of the domain, Multi-domain network security management system can greatly simplify the complexity of network security management; improve the safety of large-scale network management efficiency, but also the introduction of strategy consistency problem caused by inter-domain interaction. How to resolve the inter-domain interaction problem of strategy, thus effectively eliminate strategy consistency problem in multi-domain network security management system is an important research topic.This paper first introduces network security management system and policy-based network security management model, and domain-based security management model, then analyses the main reasons of security consistency problem. Based on this, through the introduction of hierarchical distributed system model, security administrator has more flexible security management mechanisms. Then by use of RBAC-based inter-domain access mechanisms, the model effectively resolve security consistency problem caused by inter-domain interaction of strategy. At the end, this thesis gave a focused introduction on design and implementation of key functions of the solution.Emphatically from the macroscopic and microscopic, this article introduced multi-domain network security management system, strategy management model, strategy consistency problem, and also the improved solutions, which focuses on system management model, strategy management model and inter-domain access mechanisms. Work in this thesis sets up the foundation for further research on policy-based network security management.