The Research Of Enterprise Network Admission Control And Endpoint Protection

The Guangdong Power Grid Corporation(GPGC) has a very large scale computernetwork with a huge quantity of information access points. With a number of securityprotection measures deployed, there are still many terminal caused security problems occured.Uncontrolled access of the foreign computers or unsafe internal computers to network is themain source of thread because they may bring illegal access and virus. It must be controlledfrom the source to solve this security problem, such as making admission control withauthentication and security checking to the computers attempting to access the enterprisenetwork. By this means, it can ensure the safety of computer, as well as raise the safety of thewhole enterprise network, and it has significance in the production, operation andmanagement of GPGC. So it is very necessary to deploy network admission control andendpoint protection system in GPGC network.The main purpose of this project is to research the application of network admissioncontrol and endpoint protection technology in GPGC network and determine the technicalsolution and specification, combined with the actual situation of the enterprise, providingguidance for subordinate units. The following are the result of this project.1. By analyzing and comparing variety of current network admission controltechnologies, make the general scheme of admission control. It is based on the IEEE802.1xprotocol, combining user authentication and host security status checking, put the admissioncontrol point on the ports of edge switches.2. Analyze the current situation of GPGC network and information systems, study themethod of deploying network admission control system in the current network environment.3. Describe the implementation procedures of system depoyment, including how to setupthe admission control server, basic network and clients step by step.4. Design the GPGC network admission control system construction model, includingequipment selection, construction mode, function requirements, construction schedule, systemscale and investment estimation. It provide instruction for the next phase of construction.The successful deployment of this system, not only resolve the pre-existing problem ofuncontrolled network access and enpoint security, but also significantly improve the securityof GPGC network and it bearer services.