The Research And Implementation Of Network Access Control System

As the rapid development of network and computer, many new security challenges had come forth incessantly. While the traditional security protections pays more attention on network and servers, ignoring the access endpointand the protection is not effective as anticipation.In order to solve network security issues from the root where security threats are generated, Trusted Computing Group brought forward Trusted Network Connect architecture that achieves trusted network access through verifying integrality of endpoint, which become hotspot in network security and trust.In order to implement quantifying evaluation of endpoint trust state, after researching on some mature access authentication architectures and protocols, as well as theories about trust network,a mechanism of network access remediation based on trustworthiness is put forward, referring Extensible Authentication Protocol and 802.1X architecture.In this thesis, The main task include: First, an enhanced trusted network access scheme contains architecture, protocol,flow and policy is putforward.Then the concept and algorithm of trustworthiness are depicted.Third, robustness and correctness of the access mechanism is formalistly analyzed.At last, the access remediation system is designed, the application analyse and experiment is implemented.The creativities of this thesis include: First, the concept and algorithm of trustworthiness.Second, the design on trusted access and remediation mechanism,including archintecture, protocol,flow and policy.Third, the design on functional modules of trusted access remediation system.In the private network, terminal security access system is to ensure the safe operation of the internal network. In the event of a variety of security events generated by security after an illegal terminal access network accounted for a large proportion,therefore, the LAN access authentication and authorization host terminal is very necessary. Mechanism of network access remediation based on trustworthiness can implement quantifying evaluation of access endpoint, so that the correspond policy can be deployed. Endpoints that can’t satisfy access policies are prevented to gain access to network, while those who have the legal identity to perform remediation process can upgrade their trust to meet the access requirement. As a matter of fact, not only thesecurity of network is ensured, but also the practicality is enhanced.