CN109768872A - A kind of ID-Nac system of real name ID network management platform - Google Patents
Abstract
The present invention relates to the technical field of network management, and in particular to an ID-Nac real-name ID network management platform comprising a first control module, a second control module, a third control module, a fourth control module and a CPU. The first, second, third and fourth control modules are communicatively connected to the CPU through a system bus. The invention helps the user achieve the goal of "the whole network visible, unauthorized access controllable, authorized access manageable".
Description
Technical field
The present invention relates to the technical field of network management, and more particularly to an ID-Nac real-name ID network management platform.
Background technique
As the brain and central nervous system of a network, a network management platform monitors and controls the network to guarantee smooth communication between the nodes in it, and strikes an effective balance between network performance and resource consumption. In the field of commercial real-time network control, where the requirements on reliability and security are very high, the importance of the network management platform is especially prominent. A network management platform with high reliability, hard real-time behaviour, high security and tight confidentiality can, on the premise of guaranteeing smooth network communication, ensure that nodes in the network can be accessed only by entities that have been authorized, support the relevant network diagnostic services, and prevent hackers and abnormal logins by unauthorized accounts. This means that the performance of the network management platform and the burden that implementing network management places on the network must be kept in balance.
At present, commercial real-time network control mostly manages the security of the commercial network with a network management mode based on the TCP/IP transport protocol, hardware firewalls and software virus libraries. These network management protocols belong to the static type of network interface: they can provide accurate real-time fault information for a fault diagnosis system, with a certain level of error, but this still differs greatly from the requirement of commercial networks for an extremely low fault tolerance that is "perfectly safe".
With the growth of business activity, the volume of transmitted data has increased sharply, and the business world pays ever more attention to the integrity and reliability of its information. Information technology administrators need to communicate securely within corporate networks, enterprise networks or customer networks provided by an ISP. Because confidential enterprise information may be involved, communication security is of the highest importance. The conventional way to meet this security requirement is to provide a separate connection by telephone or another personal communication device, which is both inconvenient and uneconomical.
Summary of the invention
Aiming at the problem that the prior art cannot achieve "the whole network visible, unauthorized access controllable, authorized access manageable", the present invention provides an ID-Nac real-name ID network management platform.
To solve the above technical problem, the present invention is realized with the following technical scheme:
An ID-Nac real-name ID network management platform is designed, comprising a first control module, a second control module, a third control module, a fourth control module and a CPU; the first, second, third and fourth control modules are communicatively connected to the CPU through a system bus;
The first control module comprises four network protocol mode interfaces: DHCP, ARP, SNMP and RDP; IP address management tools: IPAM, whole-network IPAM and IP matrix diagram; a Trunk mode management module and a VLAN mode management module; a network-access terminal and device fingerprint identification module and a device self-registration module; an unauthorized terminal and device access alarm and blocking module; a switch port management module; a network security threat locating module; and a MAC/IP/switch port/hostname binding module. The four network protocol mode interfaces of the first control module (DHCP, ARP, SNMP, RDP) connect to different external interfaces according to different needs. The IPAM is integrated with the central virtual machine manager in the CPU to enable virtual IP address space management; the whole-network IPAM enables virtual IP address space management through an Internet connection; the IP matrix diagram is communicatively connected to the IPAM and the whole-network IPAM. The Trunk mode management module realizes remote network management through an external relay. The network-access terminal and device fingerprint identification module and the device self-registration module are communicatively connected behind the four network protocol mode interfaces. The unauthorized terminal and device access alarm and blocking module is equipped with a signal detection circuit and a warning circuit;
The second control module comprises a user ID management module; an AD domain, LDAP, Radius and SQL database; two login mode management modules: an AD domain single sign-on module and an automatic/manual domain account synchronization module; two user management modules: user self-registration and self-service management; visitor management and visitor online authorization management; an IP address issuing module; a two-factor authentication module; and user/MAC/IP/switch port/hostname binding management. The user ID management module is mainly responsible for storing users' registration IDs; the AD domain single sign-on module controls the operation of the AD domain and feeds the result back to the CPU;
The third control module comprises software distribution and remote assistance modules; USB flash disk disabling, read/write and encryption control modules; software and hardware asset management and hardware resource exception alarm modules; terminal software, process, service, anti-virus and registry inspection modules; terminal hardware inspection and mobile terminal IMEI/IMSI/SN inspection modules; a Windows patch inspection module; intranet/extranet interconnection prevention and unauthorized external connection inspection modules; and peripheral device management, control and information monitoring modules;
The fourth control module comprises a centralized security policy issuing module, a distributed data synchronization module, a data storage module, a data memory module, and a mutual disaster-recovery module for multiple system sets.
Preferably, the operating systems of the ID network management platform are Windows, Android, IOS and Linux.
Preferably, the CPU is a 64-bit system.
Preferably, the network address management modes of the IPAM and the whole-network IAM are fixed network address management and dynamic network address management.
Preferably, the real-name network address allocation method is: register first, authenticate, and only then allocate a network address.
Preferably, the user ID management module manages devices such as log audit devices, IPS and IDS devices, firewalls, switches, wireless access devices and flow control devices by person, by department and by rank.
The present invention provides an ID-Nac real-name ID network management platform whose beneficial effects are:
(1) It provides powerful network automation management, monitors the whole network in real time, and discovers and precisely locates all kinds of devices; through graphics, images, reports and colours it displays intuitively and clearly the terminals, devices and IP addresses of the intranet and the dynamic and statistical information of the various network entities.
(2) It provides device and terminal admission control. Unique device fingerprint identification effectively guards against privately connected routers and counterfeit devices joining the network; it is compatible with switches old and new, and helps the user achieve the security-boundary-level management objective of "unauthorized access controllable".
(3) Its terminal security management is lightweight and uses few system resources; versions are provided for several operating systems, compatible with Windows, Linux, Android and Apple systems. It offers practical terminal security management functions such as software and hardware asset management, USB flash disk control, peripheral control and software distribution.
(4) Its software and hardware are an integrated framework and deployment is simple; bypass deployment does not change the network structure and does not depend on client software, so admission control is realized for all kinds of complex networks.
(5) It adapts to large, medium and small customers of different scales; it supports network-wide hierarchical deployment and provides centralized management, distributed deployment, dual-node hot standby and real-time network admission control.
Detailed description of the invention
Fig. 1 is a schematic diagram of the device of the present invention.
In the figure: first control module 1, second control module 2, third control module 3, fourth control module 4, CPU 5, system bus 6.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them.
An ID-Nac real-name ID network management platform comprises a first control module 1, a second control module 2, a third control module 3, a fourth control module 4 and a CPU 5; the first control module 1, the second control module 2, the third control module 3 and the fourth control module 4 are communicatively connected to the CPU 5 through a system bus 6, and the CPU 5 is a 64-bit system.
The first control module 1 comprises four network protocol mode interfaces: DHCP, ARP, SNMP and RDP; IP address management tools: IPAM, whole-network IPAM and IP matrix diagram; a Trunk mode management module and a VLAN mode management module; a network-access terminal and device fingerprint identification module and a device self-registration module; an unauthorized terminal and device access alarm and blocking module; a switch port management module; a network security threat locating module; and a MAC/IP/switch port/hostname binding module. The four network protocol mode interfaces of the first control module 1 (DHCP, ARP, SNMP, RDP) connect to different external interfaces according to different needs. The IPAM is integrated with the central virtual machine manager in the CPU 5 to enable virtual IP address space management; the whole-network IPAM enables virtual IP address space management through an Internet connection; the IP matrix diagram is communicatively connected to the IPAM and the whole-network IPAM; the network address management modes of the IPAM and the whole-network IAM are fixed network address management and dynamic network address management. The Trunk mode management module realizes remote network management through an external relay. The network-access terminal and device fingerprint identification module and the device self-registration module are communicatively connected behind the four network protocol mode interfaces. The unauthorized terminal and device access alarm and blocking module is equipped with a signal detection circuit and a warning circuit. The real-name network address allocation method is: register first, authenticate, and only then allocate a network address.
The second control module 2 comprises a user ID management module; an AD domain, LDAP, Radius and SQL database; two login mode management modules: an AD domain single sign-on module and an automatic/manual domain account synchronization module; two user management modules: user self-registration and self-service management; visitor management and visitor online authorization management; an IP address issuing module; a two-factor authentication module; and user/MAC/IP/switch port/hostname binding management. The user ID management module is mainly responsible for storing users' registration IDs; the AD domain single sign-on module controls the operation of the AD domain and feeds the result back to the CPU 5.
The third control module 3 comprises software distribution and remote assistance modules; USB flash disk disabling, read/write and encryption control modules; software and hardware asset management and hardware resource exception alarm modules; terminal software, process, service, anti-virus and registry inspection modules; terminal hardware inspection and mobile terminal IMEI/IMSI/SN inspection modules; a Windows patch inspection module; intranet/extranet interconnection prevention and unauthorized external connection inspection modules; and peripheral device management, control and information monitoring modules.
The fourth control module 4 comprises a centralized security policy issuing module, a distributed data synchronization module, a data storage module, a data memory module, and a mutual disaster-recovery module for multiple system sets. The operating systems of the ID network management platform are Windows, Android, IOS and Linux. The user ID management module manages devices such as log audit devices, IPS and IDS devices, firewalls, switches, wireless access devices and flow control devices by person, by department and by rank.
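The admission flow described in this embodiment (register first, then authenticate, then issue an address, then enforce the user/MAC/IP/switch port/hostname binding and alarm on and block unauthorized terminals), as an added illustrative model that is not the patent's own code. The class, the fingerprint format and the sample MACs and ports are assumptions made for the example.

```python
"""Added example, not from the patent: a minimal model of the real-name
admission flow. A terminal must first register (a device fingerprint bound
to a real-name user), then pass two-factor authentication, and only then is
it issued an IP address; the resulting user/MAC/IP/switch-port/hostname
binding is stored, and a terminal that skips a step or later contradicts its
binding is recorded as an unauthorized terminal and blocked. All names and
sample data are assumptions."""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Binding:
    user: str
    mac: str
    ip: str
    switch_port: str
    hostname: str


class RealNameNac:
    def __init__(self, pool: str) -> None:
        self._free = iter(ipaddress.ip_network(pool).hosts())
        self.registered: dict[str, tuple[str, str]] = {}  # mac -> (user, fingerprint)
        self.authenticated: set[str] = set()              # MACs that passed 2FA
        self.bindings: dict[str, Binding] = {}            # mac -> stored binding
        self.blocked: set[str] = set()
        self.alarms: list[str] = []

    def _block(self, mac: str, reason: str) -> None:
        # Unauthorized-terminal alarm and block: record the alarm, deny the MAC.
        self.blocked.add(mac)
        self.alarms.append(f"{mac}: {reason}")

    def register(self, user: str, mac: str, fingerprint: str) -> None:
        # Step 1, self-registration: a real-name user claims a device fingerprint.
        self.registered[mac] = (user, fingerprint)

    def authenticate(self, mac: str, password_ok: bool, otp_ok: bool) -> bool:
        # Step 2, two-factor authentication; only registered devices may authenticate.
        if mac not in self.registered:
            self._block(mac, "authentication attempt by unregistered terminal")
            return False
        if password_ok and otp_ok:
            self.authenticated.add(mac)
            return True
        self._block(mac, "two-factor authentication failed")
        return False

    def request_address(self, mac: str, fingerprint: str,
                        switch_port: str, hostname: str) -> Optional[str]:
        # Step 3, address issue: allocate only after registration and
        # authentication, and only if the presented fingerprint matches.
        if mac in self.blocked or mac not in self.authenticated:
            self._block(mac, "address requested before registration/authentication")
            return None
        user, expected = self.registered[mac]
        if fingerprint != expected:
            self._block(mac, "device fingerprint mismatch (possible counterfeit device)")
            return None
        ip = str(next(self._free))
        self.bindings[mac] = Binding(user, mac, ip, switch_port, hostname)
        return ip

    def observe(self, mac: str, ip: str, switch_port: str, hostname: str) -> bool:
        # Ongoing binding check: a MAC seen with another IP, on another switch
        # port or under another hostname contradicts its binding and is blocked.
        b = self.bindings.get(mac)
        if b is None or (b.ip, b.switch_port, b.hostname) != (ip, switch_port, hostname):
            self._block(mac, "observed traffic contradicts stored binding")
            return False
        return True
```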
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change that a person skilled in the art makes within the technical scope disclosed by the present invention, according to the technical scheme of the present invention and its inventive concept, shall be covered by the scope of protection of the present invention.
Claims (6)
1. An ID-Nac real-name ID network management platform, characterized in that it comprises a first control module (1), a second control module (2), a third control module (3), a fourth control module (4) and a CPU (5); the first control module (1), the second control module (2), the third control module (3) and the fourth control module (4) are communicatively connected to the CPU (5) through a system bus (6);
the first control module (1) comprises four network protocol mode interfaces: DHCP, ARP, SNMP and RDP; IP address management tools: IPAM, whole-network IPAM and IP matrix diagram; a Trunk mode management module and a VLAN mode management module; a network-access terminal and device fingerprint identification module and a device self-registration module; an unauthorized terminal and device access alarm and blocking module; a switch port management module; a network security threat locating module; and a MAC/IP/switch port/hostname binding module; the four network protocol mode interfaces of the first control module (1) (DHCP, ARP, SNMP, RDP) connect to different external interfaces according to different needs; the IPAM is integrated with the central virtual machine manager in the CPU (5) to enable virtual IP address space management; the whole-network IPAM enables virtual IP address space management through an Internet connection; the IP matrix diagram is communicatively connected to the IPAM and the whole-network IPAM; the Trunk mode management module realizes remote network management through an external relay; the network-access terminal and device fingerprint identification module and the device self-registration module are communicatively connected behind the four network protocol mode interfaces; the unauthorized terminal and device access alarm and blocking module is equipped with a signal detection circuit and a warning circuit;
the second control module (2) comprises a user ID management module; an AD domain, LDAP, Radius and SQL database; two login mode management modules: an AD domain single sign-on module and an automatic/manual domain account synchronization module; two user management modules: user self-registration and self-service management; visitor management and visitor online authorization management; an IP address issuing module; a two-factor authentication module; and user/MAC/IP/switch port/hostname binding management; the user ID management module is mainly responsible for storing users' registration IDs; the AD domain single sign-on module controls the operation of the AD domain and feeds the result back to the CPU (5);
the third control module (3) comprises software distribution and remote assistance modules; USB flash disk disabling, read/write and encryption control modules; software and hardware asset management and hardware resource exception alarm modules; terminal software, process, service, anti-virus and registry inspection modules; terminal hardware inspection and mobile terminal IMEI/IMSI/SN inspection modules; a Windows patch inspection module; intranet/extranet interconnection prevention and unauthorized external connection inspection modules; and peripheral device management, control and information monitoring modules;
the fourth control module (4) comprises a centralized security policy issuing module, a distributed data synchronization module, a data storage module, a data memory module, and a mutual disaster-recovery module for multiple system sets.
2. The ID-Nac real-name ID network management platform according to claim 1, characterized in that the operating systems of the ID network management platform are Windows, Android, IOS and Linux.
3. The ID-Nac real-name ID network management platform according to claim 1, characterized in that the CPU (5) is a 64-bit system.
4. The ID-Nac real-name ID network management platform according to claim 1, characterized in that the network address management modes of the IPAM and the whole-network IAM are fixed network address management and dynamic network address management.
5. The ID-Nac real-name ID network management platform according to claim 1, characterized in that the real-name network address allocation method is: register first, authenticate, and only then allocate a network address.
6. The ID-Nac real-name ID network management platform according to claim 1, characterized in that the user ID management module manages devices such as log audit devices, IPS and IDS devices, firewalls, switches, wireless access devices and flow control devices by person, by department and by rank.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711099563.0A CN109768872A (en) | 2017-11-09 | 2017-11-09 | A kind of ID-Nac system of real name ID network management platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109768872A true CN109768872A (en) | 2019-05-17 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113783724A (en) * | 2021-08-27 | 2021-12-10 | 国网江苏省电力有限公司南通供电分公司 | Terminal access monitoring early warning platform |
EP4246889A1 (en) * | 2022-03-14 | 2023-09-20 | Juniper Networks, Inc. | Closed-loop network provisioning based on network access control fingerprinting |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20190517 |