The Design And Implementation Of Security Management Center In Trusted Terminal Management System

As a low-cost & secure scheme of formatting a network, VPN is becomming more and more popular with enterprise users. Most existing VPN security technologies focus on the verification of users'identity, and the protection of transmitting data's privacy and integrity, but ignored the verification and protection of integrity of clients' computing platform, which creates serious security risks of VPN application.The trusted terminal management system has two purposes. The first is to connect current trusted computing technology such as building trusted chain with VPN, so as to add the assessment function of the credibility of the VPN clients, and to ensure the integrity of VPN clients'computing platform. Secondly, the system also implements policy-based reliability certification and management, customizes and applies specific policy by organization or single user, and controls pro-actively the untrusted terminal trying to income the VPN, in order to compensate for blind spot in enterprise security. This paper focuses on the design and implementation of security management center in the trusted terminal management system and other related issues. It's elaborated from three respects:design of construction, implementation of each module and function test. As one of the key components of trusted terminal management system, security management center aims at providing a uniform management and audit platform, which can be accessed anytime and anywhere. So it's divided into two parts:the system console platform and the audit system, and respectively described from design, implementation, and testing.The system console platform eventually provides real-time display of client information and the host platform for system administrators to provide operations for credible assessment. It can also display the current policies, and make the system administrator publish a new specific policy to control terminals in VPN. The audit system ultimately acts to show the client hosts'behavior log and the managers'log, and provides functions to implement log management.