Key Technologies Of The Computer Desktop Security And Realization

The security attacking model of outer network supposes that the inner-mesh is not dangerous and can be trusted, and all the threat come from the Foreign Network, normally through the peripheral interface between inside and Foreign Network. However, the inner-mesh's attacking model is greater more understandable and special contrast to the foreign network security model. It points out that in the inner-mesh, any PC, consumer or network is dangerous or not trustable. Attacking might either come from the outside world, or any position of the inner-mesh. So beneath this security attacking model of inner-mesh, we have to get more special security control management for all the component points and participants.The inner-mesh security monitoring and audit management system's object is to offer a kind of unique layout for the inner-mesh's security architecture, and assist companies build conprehensional information anti-releasing system and watch the employees'working statuses by small-granularity security control methods, which lead to a manageable ,controllable and trustable inner-mesh, plus an improvement of company productivity. This system also is able to keep the security situation of ever personal computer in inside network under surveillance and can log its illegal behavior on the basis of the administrator's policy.The inner network security monitoring and audit management system is based on the static security recovery strategies. For every entity of the inner-mesh, consisting of PC, peripheral device, file and employees, storage device, the system would provide appropriate and full-scale security controlling, lifecycle management, authorization administration, identity accreditation, data encryption, and watching and audit. Via using distributed accreditation administration which is based on the mechanism of role-based access control, the system connects the user popedom with the roles. It divides the fields referring to the layers of enterprise organization, and manages the consumers and roles via fields. The system is designed on the basis of the structure of"server-console-controlled agent", where the controlled agents will automatically register themselves upon the server. The system both supports multilevel deploying from monopole to a enterprise inner-mesh ,including several LANs over Internet.