The Design And Implementation Of A Access Control System Based On Firewall

The rapid development of the Internet has brought many convenience and many problems to the people.One of the most serious problems is information security.It is well known that information security is a prerequisite for individuals to be competitive in the market for an enterprise.Enterprises in order to protect the security of the core technology usually use a firewall to prevent the external network access to internal network,thereby building a relatively safe network environment.In actual application,the effect of the firewall depends entirely on the firewall's security policy,access control is one of the important security strategy.Through the research of firewall technology and access control technology at home and abroad,combined with the practical application of enterprise a access control system based on firewall is implemented.The system is mainly used to control the different status of enterprise users to access internal resources or external network.The specific method is to focus on management of the users who are authenticated by different devices in the enterprise network to any one.Real-time synchronization Newly-learned users to the server in the firewall device guarantee the consistency of the users on the firewall devices in the whole network.Through make access control rules for the users in firewall to control the user's access behavior and audit,to achieve the purpose of protecting enterprise information security.The key to implementing the access control policy in this paper is to learn identity,user groups and online users from various sources such as server,CSV file and device local,and make the corresponding access control rules and execute according to the learned users.By synchronizing the user information on the firewall device to the intelligent management center server in real time to guaranteed the information of users in firewall device and server to be consistent.In order to ensure the efficiency of user access,the fast matching of the user and the user group and the fast processing of the user and user group information change are realized.User-mode and kernel-state packet matching and processing is implemented to determine whether the message is based on user identity rules match.The security policy is implemented by adding the non trusted users to the blacklist or filtering the message that does not meet the object policy.This access control system can effectively control the access behavior of the whole network users in the enterprise through the practical application in the enterprise.To a large extent to ensure that the enterprise's internal information security,compared to domestic and foreign enterprise users access control has a better practical value and significance.