Research And Implementation Of Identity Authentication In Intranet Security Management System

At present, many computer networks are suffering from a serious security threat, especially the intranet security, which has become hidden danger for the management of enterprises and institutions. As the first hurdle to guarantee the security of the intranet, authentication plays a vital role, because all the other security services are dependent on it and its failure could lead to the failure of the entire system.The traditional authentication is based on user account and password form, which has a series of hidden dangers, for example, the password can be easily speculated and intercepted, and the identity can be faked. For this situation and the needs for the management system of intranet security, part of authentication in the terminal system is researched and realized in this thesis with the help of USB Key and PKI, which resolves the contradiction between the security and the usability of the traditional authentication.The research background and basic theoretical knowledge related to identity authentication in the management system of intranet security is firstly introduced. Then a module of the identity authentication of this system is presented and analyzed in detail. Based on this module, a set of unified management tools for user authentication information is then explored and implemented to enable the binding between USB Key and user identity, which plays an important role in the management system of intranet security. Two approaches are proposed based on login authentication of the terminal system and authentication of network access. One is login authentication of Windows based on USB Key. It can improve the security of login authentication in Windows through customizing login module GINA with strategies for security login. The other one is authentication of network access based on 802.1x protocol. It can effectively prevent unauthorized users or device to access the network illegally by customizing client of authentication with switching equipment. At the same time, these two approaches adopt the authentication of USB Key instead of the authentication of user identity in order to eliminate the need for frequent input of account and password, which embodies thoughts in designing the management tools of user information.These two approaches are both tested systematically. Furthermore, the whole research is concluded and viewed.