| The current enterprise network technology is a variant of the Internet,also openness to everyone connected to network.The openness of the network improves the adaptability and scalability of the enterprise network,but also lead to the host connected to the enterprise network can publish service freely.On the one hand,that generates a lot of weakness for attackers,then make the enterprise network security protection has more complex problems.On the other hand,network services can be the basis of network attacks,for example,Trojans,Botnets and DDoS attacks are based on anonymous services.Therefore,controling the publish and access of the anonymous services on the enterprise network in an effective way is the important way to improve the enterprise network's safety protection ability.This paper researchs for the enterprise network service control system structure and the distribution of mechanism and has three key techniques:Firstly,in this paper we propose a service control system named SCEN(Control for the Enterprise Network),which can be used to control the service's publish and access behavior,and ease the problem of internal cooperative attack.Additionally,it can not only avoid the configuration errors,but also can extend the scalability of the network.Secondly,in this paper we propose an application layer multicast protocol named SALM(Scalable Application Layer Multicast).SALM can greatly reduce the network's system load and network load,and improve the scalability of SCEN system,which let SCEN system have the ability to adapt the large-scale enterprise network.At last,we design and implement a prototype of SCEN system,and make experiments to verify several key technologies.The experiment results show that the system can effectively control the illegal traffic in the enterprise network,at the same time have lower overhead,therefore SCEN system can improve the enterprise network's safety protection ability. |
PDF Full Text Request