Implementation of Triple Authentication Technology Based on Port Security
Published: 2019-05-10 13:31
[Abstract]: Computer network security technology is an important condition for the healthy development of networks. Access devices such as switches are the bridge between users and the network, and are therefore the most direct place to protect both. Users who pass the access device's security checks are allowed to use network resources; those who do not receive restricted service. Attackers therefore usually exploit security vulnerabilities in the ports of access devices, leaking users' personal information or stealing their traffic and fees, which makes port security particularly important. A traditional switch cannot support MAC address authentication, 802.1x authentication and web authentication at the same time. Triple authentication integrates the three technologies and uses the user's MAC address as the unique identifier for authenticating users and managing their information. With the port in security policy mode, packets control which authentication function is triggered, and the user's request to access the network is processed accordingly. This not only verifies user information but also monitors network traffic in real time, ensuring two-way security. This thesis first introduces basic authentication theory and, on that basis, analyzes the user requirements for triple authentication in terms of function and performance. It then proposes a framework for triple authentication and describes in detail the protocols, theory and trigger process of the three authentication technologies. Starting from those requirements, it designs and implements the basic authentication protocol framework and the authentication protocol flow.
In port-based policy mode, the switch's network operating system implements, in C/C++, the packet exchange between the user and the local and remote servers, and through it user authentication, authorization and accounting. This ensures two-way security for the user and the network. It also implements a priority policy among the three authentication methods, so that users can choose an authentication method according to their own needs. Finally, a test platform is built to test the system, verifying that its function and performance meet the needs of practical use.
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08
Article number: 2473687
Article link: http://www.lk138.cn/guanlilunwen/ydhl/2473687.html