
Research And Construction Of Network Intelligent Authentication Gateway System

Posted on: 2019-10-24
Degree: Master
Type: Thesis
Country: China
Candidate: L Song
Full Text: PDF
GTID: 2428330575997363
Subject: Engineering
Abstract/Summary:
With the expansion of the Internet industry, the Internet has penetrated people's work, life, and learning. It has also been applied to all walks of life in the national economy and the people's livelihood. While providing great convenience, it has also played an increasingly important role in improving overall national strength. However, because network communication protocols themselves lack security, Internet information security is threatened, and network security has become a practical problem that must be faced. As one area of network security research, an authentication gateway can combine network authentication technology to improve the security of network access. AAA is a management mechanism for network security access control, and RADIUS is the most widely used AAA protocol. As modern network services become more and more abundant, the demand for network services is increasing. At present, the standard attributes in the RADIUS attribute dictionary are scarce, which leaves a variety of network service requirements unmet. Because RADIUS protocol attributes are extensible, the private extension attributes that are needed can be added to RADIUS, and other network-related technologies can be applied to modern gateway authentication. This paper focuses on the requirements of network authentication and authorization. Based on an analysis of the working principles of AAA authentication services and of the extended attributes of the RADIUS protocol, the authentication, authorization, and accounting functions of the gateway are fully utilized, and a NAS system is studied and implemented. In the authorization part of the system, the paper proposes a RADIUS private extension attribute, the User-Role attribute, as an authorization attribute, and the system authorizes the user to access network resources according to the user's role. On this basis, combined with the Netfilter/iptables packet filtering mechanism under Linux, different filtering rules are injected into Netfilter according to the different authorization attributes, so as to make up for the lack of network resource authorization in modern gateway authentication and to achieve centralized management of user authentication and of users' access to network resources. In addition, for billing, the system proposes to use the Netflow technical standard to implement accurate per-user network accounting, and it improves the flow aging method to further improve billing efficiency. In summary, the system includes three functional modules: user authentication, authorization, and billing. It is a secure and practical authentication and authorization gateway system.
Keywords/Search Tags:Gateway authentication, RADIUS protocol, Netfilter/iptables, Netflow technology
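
The authorization path described in the abstract (a private User-Role attribute returned by RADIUS, then per-role Netfilter rules) can be sketched as follows. This is an added example, not code from the thesis: the vendor ID (the RFC 5612 documentation enterprise number), the sub-type number, the role names, the networks and the rule layout are all assumptions.

```python
import ipaddress
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that carries private extensions
VENDOR_ID = 32473      # placeholder: documentation enterprise number (RFC 5612)
USER_ROLE = 1          # assumed vendor sub-type for the User-Role attribute

# Hypothetical role policy: destination networks each role may reach.
ROLE_POLICY = {"staff": ["10.0.10.0/24", "10.0.20.0/24"], "guest": ["10.0.99.0/24"]}

def encode_user_role(role):
    """Build a Vendor-Specific attribute carrying User-Role (for the sample)."""
    sub = bytes([USER_ROLE, 2 + len(role)]) + role.encode("ascii")
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", VENDOR_ID) + sub

def extract_user_role(attrs):
    """Walk the attribute TLVs of an Access-Accept; return the role or None."""
    i = 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("attribute length out of bounds")
        value, i = attrs[i + 2:i + alen], i + alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vendor == VENDOR_ID and vtype == USER_ROLE and 2 <= vlen <= len(value) - 4:
            return value[6:4 + vlen].decode("ascii")
    return None

def rules_for(client_ip, role):
    """Return iptables argv lists: allow the role's networks, then default-deny."""
    src = str(ipaddress.ip_address(client_ip))  # rejects anything but an IP literal
    rules = [["iptables", "-A", "FORWARD", "-s", src, "-d", net, "-j", "ACCEPT"]
             for net in ROLE_POLICY.get(role, [])]
    rules.append(["iptables", "-A", "FORWARD", "-s", src, "-j", "DROP"])
    return rules

# Constructed sample: a Reply-Message (type 18) followed by the User-Role VSA.
SAMPLE_ATTRS = bytes([18, 4]) + b"ok" + encode_user_role("staff")

if __name__ == "__main__":
    role = extract_user_role(SAMPLE_ATTRS)
    for argv in rules_for("192.0.2.10", role):
        print(" ".join(argv))
```

A missing or unknown role yields only the DROP rule, and the rules are returned as argument lists rather than shell strings, so attribute contents never pass through a shell.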