| With the rapid development of social informatization,the security threat of the enterprise network has aggravated and the concept of “terminal” in the enterprise Intranets has grown more and more broad.How to avoid the enterprise network's access to the illegal terminal and how to ensure the availability,integrity and confidentiality of the enterprise network and data and prevent the terminal identification being forged become an important topic on building a trusted network and protecting the enterprise information security.The main work of this thesis is as follows.Combined with the thesis,it carries out the overall design of the system on the basis of needs analysis.The thesis not only compares 4 kinds of network admission control technology(DHCP,802.1,ARP and TCP RST)with the admission products on the market but also respectively analyzes their own advantages and disadvantages.On such basis,the thesis explores the network admission control system's main implementation processes and the relationship between these processes and expounds the principles,contents and methods of constructing the network admission control system,achieving the combination of strategy,technology and management.In the stage of demand analysis,the design models of network admission control system are proposed.Describing two admission models,TCP RST and 802.1X and the implementation of compliance checking models,the part of Design and Implementation discusses the whole system process and system structure.What's more,the functions of compliance checking models,Portal certificate and the key models based on 802.1X and TCP RST admission block control are verified in the thesis.According to the system test,the system has been already applied to practical work. |
PDF Full Text Request