Implementation of Triple Authentication Technology Based on Port Security
Published: 2019-05-10 13:31
[Abstract]: Computer network security technology is an important condition for the healthy development of networks. Access devices such as switches, as the bridge between users and the network, are the most direct means of protecting both the network and its users. Users who pass the access device's security checks are allowed to use network resources; those who do not receive restricted service. Attackers therefore usually exploit security weaknesses in the ports of access devices, leaking users' personal information or stealing their traffic and fees, which makes port security particularly important. Traditional switches cannot support MAC address authentication, 802.1x authentication and web authentication at the same time. Triple authentication integrates the three techniques and uses the user's MAC address as the unique identifier for identity authentication and information management. When a port is in security policy mode, the technique uses packets to control which authentication function is triggered and processes the user's request to access the network; it can both verify user information and monitor network traffic in real time, ensuring security in both directions. This thesis first introduces basic authentication theory and, on that basis, analyzes the user requirements for triple authentication in terms of function and performance. It then proposes a framework for triple authentication and describes in detail the protocols, theory and trigger process of the three authentication techniques. Next, starting from the requirements of triple authentication, it designs and implements the basic authentication protocol framework and the authentication protocol flow.
In port-based policy mode, the switch's network operating system implements, in C/C++, the packet exchange between the user and the local and remote servers, and thereby user authentication, authorization and accounting. This ensures two-way security for the user and the network, and also implements a priority policy among the three authentication methods, so that users can choose an authentication method according to their own needs. Finally, a test platform was built to test the system, verifying that its function and performance meet the needs of practical use.
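[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08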
Article ID: 2473687
Article link: http://www.lk138.cn/guanlilunwen/ydhl/2473687.html