Design And Implementation Of Information Security Support Components In LAN System

With the rapid development of computer technology and network technology, a large number of business systems have been built up in enterprises and institutions, which can increase the number of files in enterprises and organizations. There is a considerable part of the files are confidential files which need protection. However, these files are generally stored in the computer of various technical or core member of enterprises and institutions. Some employees may lack safety awareness or be week in prevention ability, which will make these confidential files face security threats from malicious staff.This paper comes from the actual project, which in order to provide security file management function for users in a LAN environment. First of all, the paper analyzes the security management technology at present briefly and puts forward a file security management model based on CA certificate authentication and data encryption and LAN system information security support components, including authentication server and client according to requirements.The authentication server is responsible for establishing a secure channel by negotiate a security channel parameter with the client, verifying the validity and effectiveness of the client device certificate and the user identity certificate, sending heartbeat packets to online users regularly, maintaining an online user list, updating and maintaining the session key. The component implements the device authentication and user authentication, ensure that each device allow only one user to login and only legitimate users can login. Authentication login is a kind of two-way authentication protocol based on X.509 Certificate in the PKI authentication model. Using Multilevel certificate, the mechanism of sharing key when building secure channel and the device/identity authentication based on secure channel to guarantee only legal user can log in to the system.When a user wants to do some file security management at the client, he must login the system through the authentication and manage files by some limited operations provided by access control system, that is, test whether the user has the authority to user the corresponding operation of the file by access control. File security management uses the encryption and decryption technology to achieve the security of the file. Access control provide authorization operation for the LAN components. The access control model combines role based and security level based access control, using the policy which is downloaded local after client device authentication passed, authenticate the file access,database access and component access of the user.In this paper, the function and performance tests of the system are carried out, and the detailed test cases are designed. The results are briefly analyzed. After rigorous testing and analysis, the system meets the requirement of application in the function and performance.