
DCSM Intranet Security Management System

Posted on: 2011-09-27
Degree: Master
Type: Thesis
Country: China
Candidate: B Yuan
Full Text: PDF
GTID: 2178360305955146
Subject: Software engineering
Abstract/Summary:
Nowadays the trend in the security community is towards flat architectures. An authentication system, however powerful, brings little additional value if it exists in isolation. In fact, authentication has increasingly become a subsystem whose role is to ensure that the intranet security mechanism can ultimately locate the specific equipment or the specific person when a security problem arises in the enterprise network.

Currently, a number of security firms have started to improve their own intranet security technology and to combine it organically with an identity authentication system. The waterproof wall (SOC), the DCBI authentication system, IDS and firewall together form the DCSM intranet security management technology, which is the concrete realization of the 3DSMP technology. In DCSM technology, five-element control has been proposed: the user name, user ID, IP address, switch port and VLAN are bound together for further access control.

On this basis, the intranet security mechanism can make a judgment about a user according to IDS/IPS alerts, such as whether the user has launched an attack or is infected with a specific virus. For example, if it finds that a user is scanning a specific port number, it concludes that this user has been infected with a worm-type virus, and the DCBI control center raises a real-time alert. If the alarm is invalid, the system blocks the user's network connection. Because the complete authentication process tells the system exactly which switch port and VLAN the user is on, the block is very precise.

To achieve a complete intranet security mechanism, we first need centralized security authentication, followed by the deployment of a supervisory system. IDS/IPS is responsible for monitoring network behavior, judging whether some kind of attack or a certain virus is present, and carrying out the concrete response.

It is very important that the system responds appropriately once the issue has been judged. Traditional blocking by IP address is now ineffective against attacks and viruses, because both the MAC address and the IP address used by an attack or virus can change. The effective way is therefore for the system to locate the particular user behind an IP address through the security authentication, and then determine on which switch port the relevant incident occurred, so that action can be taken without blocking an entire IP subnet. In addition, through the use of the 802.1X protocol, the switch becomes part of the whole security system, which allows more accurate targeting of clients with security incidents.

DCSM is made up of the server, the client, the switch and other network security devices. Through flexible combination of these units, risky users can be isolated automatically and smooth network operation can be ensured in a variety of network environments.

In this paper, we first introduce the research background and goals of the topic and then give a general description of the project's requirements. The whole system is divided into two parts, the management system and the client. The management system runs on an Industrial Personal Computer, and hot standby can be achieved. It contains user and device adding, plot configuration, network device management, security servers and other functions, while providing monitoring and maintenance of the system's running state. The client is loaded on the client computer that uses the network. Coordinating with the management-side program, it performs host security checks, disabling of specified programs or devices, automatic patch installation, anti-virus software upgrading and other functions. Based on the requirements overview, we compose a detailed requirements specification according to enterprise demand.
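The five-element binding and port-level blocking described above, as an added illustration that is not part of the thesis: a constructed binding table resolves the source of worm-style scanning alerts to a switch port and VLAN instead of an IP subnet (the scan threshold, the port identifier format and all sample addresses are assumptions).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Five-element binding recorded when a user authenticates (all values here are constructed).
@dataclass(frozen=True)
class Binding:
    username: str
    user_id: str
    ip: str
    switch_port: str   # constructed identifier such as "sw01:Gi1/0/12"
    vlan: int

@dataclass(frozen=True)
class Alert:
    src_ip: str
    dst_ip: str
    dst_port: int

class BindingTable:
    """Authenticated sessions looked up by IP address."""
    def __init__(self) -> None:
        self._by_ip: Dict[str, Binding] = {}
    def register(self, b: Binding) -> None:
        self._by_ip[b.ip] = b
    def locate(self, ip: str) -> Optional[Binding]:
        return self._by_ip.get(ip)

def looks_like_worm_scan(alerts: List[Alert], src_ip: str, threshold: int = 5) -> bool:
    """One source probing the same port on many distinct hosts is treated as worm-style scanning."""
    hosts_by_port: Dict[int, Set[str]] = {}
    for a in alerts:
        if a.src_ip == src_ip:
            hosts_by_port.setdefault(a.dst_port, set()).add(a.dst_ip)
    return any(len(hosts) >= threshold for hosts in hosts_by_port.values())

def plan_response(table: BindingTable, alerts: List[Alert], src_ip: str) -> dict:
    """Resolve a suspicious source to its switch port and VLAN so the block is port-precise."""
    if not looks_like_worm_scan(alerts, src_ip):
        return {"action": "none", "src_ip": src_ip}
    b = table.locate(src_ip)
    if b is None:
        # An endpoint can change its IP or MAC; with no binding the system can only raise an alert.
        return {"action": "alert_only", "src_ip": src_ip}
    return {"action": "block_port", "user": b.username, "switch_port": b.switch_port, "vlan": b.vlan}

# Constructed sample: "alice" authenticated on one port, then seen probing port 445 on eight hosts.
TABLE = BindingTable()
TABLE.register(Binding("alice", "u1001", "10.0.5.23", "sw01:Gi1/0/12", 50))
SAMPLE_ALERTS = [Alert("10.0.5.23", f"10.0.7.{i}", 445) for i in range(1, 9)]
```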
On the management side, we mainly introduce the data formats and operating requirements of the resource and user management module, the IP and MAC management module, the authentication management module, the network management module, the message communication module, the SNMP and CLI processing module and the monitoring module. On the client side, we mainly introduce the data formats and operating requirements of NIC detection, the host patch scanning plug-in, the anti-virus scanning plug-in, the 802.1X authentication plug-in, anti-host-ARP deception, anti-MAC-address theft, Clone PC, anti-agent, anti-DHCP server, anti-illegal-software enabling, the alarm raised when white-listed software is not running, message interception, receiving advertising information from service providers, client auto-upgrading and the software distribution plug-in.

In this paper, we describe the main framework, which can be divided into three layers by distribution: the client layer (responsible for the GUI), the communication layer and the server layer (responsible for request conversion and logic control). According to the relevant operations, client management is divided into the Web management module, the administrator management module, the user management module, the authentication and security plot management module, the device management module and the server management module. Server management consists of a request conversion part and a logic control part. The request conversion module is responsible for transforming requests from client management into requests that can be handled by the logic handling part (including the starting and stopping of the license control module).

The innovations of this paper are as follows:

1. The client uses the RCP framework and is modular. The whole platform is formed from various "plug-in" components and has a loosely coupled structure with strong expandability. While providing a robust infrastructure, the RCP framework offers rich UI features, help features and error handling characteristics.

2. Expansibility. Owing to the chain of responsibility pattern, each module only handles the requests it can resolve itself; if the current module cannot handle a request, it hands it on to the next module. The advantage of this model is that each module is concerned only with its own information processing, without considering whether the rest of the system can handle the request. To add a module, you add it following the module that cannot handle the request, that is, at the end of the responsibility chain; as in a linked list, deleting a module only requires reconnecting the chain. Moreover, each module can be tested independently under this model. Because our system has many objects, we combine distribution with the chain: distribution is used to call each object within a module.

3. XMLRPC is Remote Method Invocation (RMI) based on the HTTP protocol, whose lifecycle is the same as a browser's access to an HTTP server. Compared with traditional RMI in Java, it is not only platform-independent but also language-independent. It has strong expandability, is easy to implement and inherits all the HTTP features, including SSL.

In a word, we integrated the available resources and developed the DCSM intranet security control system to cope with the problems administrators encounter in everyday use. In this paper, the whole system controls and manages the network through the management terminal's access, supplemented by network functions to realize the management of network equipment.
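The chain of responsibility dispatch from innovation 2, as an added example that is not the thesis's own code: modules are linked like a list, each handles only the request kinds it knows and otherwise passes the request on, and adding or removing a module only relinks the chain (module names, request kinds and handler bodies are constructed stand-ins).

```python
from typing import Callable, Dict, Optional

class Module:
    """One chain link: handles the request kinds it knows, otherwise hands the request on."""
    def __init__(self, name: str, handlers: Dict[str, Callable[[dict], dict]]) -> None:
        self.name = name
        self.handlers = handlers          # "distribution": dispatch to objects inside the module
        self.next: Optional["Module"] = None
    def handle(self, kind: str, payload: dict) -> dict:
        fn = self.handlers.get(kind)
        if fn is not None:
            return {"module": self.name, **fn(payload)}
        if self.next is not None:
            return self.next.handle(kind, payload)   # not ours: pass to the next module
        return {"module": None, "error": f"unhandled request kind: {kind}"}

class Chain:
    """Linked-list style chain: new modules are appended at the end; removal relinks neighbours."""
    def __init__(self) -> None:
        self.head: Optional[Module] = None
    def append(self, m: Module) -> None:
        if self.head is None:
            self.head = m
            return
        cur = self.head
        while cur.next is not None:
            cur = cur.next
        cur.next = m
    def remove(self, name: str) -> bool:
        prev, cur = None, self.head
        while cur is not None and cur.name != name:
            prev, cur = cur, cur.next
        if cur is None:
            return False
        if prev is None:
            self.head = cur.next
        else:
            prev.next = cur.next
        return True
    def handle(self, kind: str, payload: dict) -> dict:
        if self.head is None:
            return {"module": None, "error": "empty chain"}
        return self.head.handle(kind, payload)

def build_demo_chain() -> Chain:
    """Constructed modules standing in for DCSM's authentication and IP/MAC management modules."""
    chain = Chain()
    chain.append(Module("authentication", {"auth.login": lambda p: {"ok": p.get("user") in {"alice", "bob"}}}))
    chain.append(Module("ip_mac", {"ipmac.bind": lambda p: {"bound": f"{p['ip']}/{p['mac']}"}}))
    return chain
```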
Keywords/Search Tags: Intranet security, Data confidentiality, File encryption, Endpoint safety