Research On Military Network Security Protection System

Defense Technology Industry is a national strategic industry,it's an important manifestation of national interest.Military industrial enterprises concentrating a large amount of state secrets information.In order to ensure the security of state secrets,China has implemented the qualification certification system for those engaged in scientific research and production of military products and put forward corresponding requirements on the construction and use of the classified networks of military enterprises.Because of the increasingly serious security protection situation,military enterprises are facing more and more APT attacks which are difficult to prevent.Existing system login authentication technology,network access authentication technology,boundary access authentication technology,faced the problems with incomplete authentication audit,the access terminal lacks authentication mechanism,security domains with different secret levels lacks effective protective boundaries.Aiming at the shortage of existing research,this paper tries to adopt a new method to guard against APT attack,and combines three kinds of authentication methods: system login authentication,network access authentication and boundary access authentication,aiming at the characteristics of APT attack,we design a Military Network Security Protection System(MNSP system)of deep defense,which includes three functional modules: fixed point login authentication system with USB Key,network access authentication system with port binding,and boundary access authentication system with virtual application model.Fixed point login authentication system with USB Key,has designed a USB Key with dual factor authentication of hardware and software to realize the function of specific users to use specified USB Key and specific computer to log in to the secret network of military workers,and pre vent the APT attack from the login authentication.Network access authentication system with port binding binds and stores the four information of the user account,the computer MAC address,the IP address and the switch port number of the authentication s ystem into the database,and verifies the binding data to avoid the illegal users accessing the internal network through the port,and from the network access authentication to the APT Attack is a precaution.Boundary access authentication system with virtual application model is based on virtual desktop technology based on VDI(Virtual Desktop Infrastructure),and through virtual application interaction,the separation of computing and performance is realized.The entity between the client and the server does not transmit the information data,only the image of the change of the screen and the interactive information of the keyboard and the mouse are transmitted.In order to avoid cross domain transmission of entity data,APT attacks can be prevented from boundary access authentication.Through the test of fixed point login authentication system with USB Key,network access authentication system with port binding and boundary access authentication system with virtual application model of MNSP system,this paper validates the design function of the system.