| Authentication technology means some specified technical ways for computers or network systems to confirm the identities of the operators. How to ensure that the digital identity operator is just the legal owner of the digital identity, that is to ensure the operator’s physical identity matches the corresponding digital identity is a very important issue. In order to achieve fine-grained control of network resources and network security, security gateways need to identify the identity of the visitor effectively. There are some solutions that use visitor’s IP network segment or hostname to judge the identity. However, the IP address is uncertainty, those old judgments does not meet the needs of all management, and there are also problems that are difficult to expand. At this time it needs a more convenient way that is called User/Group authentication to help us achieve this demand.During the progress of processing network packets, security gateway can only achieve the sender’s IP address and port in network layer,but can not pick out the physical identity of the sendereffectively,in order to implement the User/Group authentication, the gateway system should maintenance a one-to-one mapping of an IP address and a user’s name information.For a new IP address,the person must provide specified authentication information to prove the information is correct;the gateway sends queries to a directory system which store employees’s information, if the directory system can prove the existence of a employee.it will return all the information necessary for the employee; then the gateway will see if those information matchs the permissions informationthan in the local database to determine if the employee can access certain types of network resources, or use a certain amount of bandwidth, if not,these requests would be abadoned.This way can help to manage the enterprise network effectively.In this paper, the author with internship experience in Trend Micro, would describe the development process of the security gateway authentication feature. The IWSVA (Interscan Web Security Appliance) products for the Web-based threats at the gateway for the enterprise network to provide dynamic, integrated security, to ensure the greatest degree of malicious programs before entering the internal network to be removed. IWSVA the safety program covering five major applications, including HTTP, HTTPS.FTP, SMTP and POP3, and block access to malicious Web sites in real time using a Web reputation technology (WRT).This paper first introduces related concepts such as security gateways and directory system, illustrates the need for advanced authentication features in the security gateway system, and then briefly describes the related architecture and detailed description about the designment and implement of the security gateway authentication system. At the end of the paper, we will conclude the existing problems and make some forecasts for the prospect. |
PDF Full Text Request