Trusted Network Architecture Based On The Safety Assessment And Design

Posted on: 2007-01-03
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Li
Full Text: PDF
GTID: 2208360185482574
Subject: Computer application technology
Abstract/Summary:
An analysis of current network security shows that networks are flooded with unhealthy endpoint devices: computers that are vulnerable, or computers that are actively harming the network. Such unhealthy endpoints may not only be the victims of an attack but may also be used by hackers as bridges through which computer viruses are spread, which makes the network untrusted. In an untrusted network, there are actions that the network administrator cannot control. In short, unhealthy endpoint devices do a great deal of harm to network security.

Against this background, the major goal of this article is to design a new solution for building a trusted network, one that reduces the effect of unhealthy endpoint devices. The basic idea is to control the network access privileges of endpoints by evaluating their security, so that unhealthy endpoints are excluded. Once unhealthy endpoints are excluded from accessing the network, the network is trusted and healthy, and does not have any weakness that can be used by hackers. Such a trusted network can effectively defend against threats and reduce the frequency of attacks.

This article designs a Network Access Control System based on Security Evaluation, which integrates network access control and security evaluation. This system is the basis for building a trusted network. It follows the traditional architecture of a network access control system and makes full use of existing resources. It is designed on a three-layer model, which is easy to maintain and manage. It uses plug-ins, so it is easy to extend by adding new plug-in programs. It evaluates the system security of endpoints by vulnerability assessment and host-based network traffic anomaly detection, which can evaluate both known and unknown weaknesses and improves the accuracy of the evaluation. A Smart Client is also used in this system, which reduces the maintenance cost of the traditional C/S model.

The network access control system based on security evaluation described in this article is a new solution for defending against the threats posed by unhealthy endpoint devices; it improves defensive ability by preventing unhealthy endpoints from accessing the network. This system is of high value for research and application.

This article first analyzes current network threats and the weaknesses of current network security systems, and introduces the related techniques. It then introduces the system architecture, the three-layer model, and the design and implementation of the modules. This system includes the following modules: communication module, security...
Keywords/Search Tags: access control, security evaluation, trusted network, vulnerability assessment, OVAL