CN109768872A - A kind of ID-Nac system of real name ID network management platform - Google Patents


Info

Publication number
CN109768872A
Authority
CN
China
Prior art keywords
module
network
management
control module
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711099563.0A
Other languages
Chinese (zh)
Inventor
程卫锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Rong Hao Information Technology Co Ltd
Original Assignee
Guangzhou Rong Hao Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Rong Hao Information Technology Co Ltd
Priority to CN201711099563.0A
Publication of CN109768872A
Legal status: Pending

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of network management, and in particular to an ID-Nac system for a real-name ID network management platform, comprising: a first control module, a second control module, a third control module, a fourth control module and a CPU. The first, second, third and fourth control modules are communicatively connected to the CPU through a system bus. The present invention can help users achieve the goal of "whole network visible, illegal controllable, legal manageable".

Description

An ID-Nac system for a real-name ID network management platform
Technical field
The present invention relates to the technical field of network management, and in particular to an ID-Nac system for a real-name ID network management platform.
Background
As the brain and central nervous system of the network, the network management platform monitors and controls the network to keep communication between nodes smooth and to strike an effective balance between network performance and consumption. In commercial real-time network control, where the requirements for reliability and security are very high, the importance of the network management platform is especially prominent. High reliability, hard real-time behaviour, high security and strict confidentiality require that the network management platform, while keeping network communication smooth, ensure that nodes in the network can be accessed by other authorized entities, support network-related diagnostic services, and prevent abnormal logins by hackers and unauthorized accounts. This means that a balance must be reached between the performance of the network management platform and the burden that implementing network management technology places on the network.
At present, commercial real-time network control mostly manages the security of commercial networks with a network management mode based on the TCP/IP transport protocol, hardware firewalls and software virus databases. These network management protocols are static network interfaces. They can provide accurate real-time fault information to a fault diagnosis system and cope with certain error conditions, but they still fall far short of the commercial network requirement of an extremely low fault tolerance and of being "absolutely safe".
As business activity grows, the volume of transmitted data increases sharply, and the business community pays more and more attention to the integrity and reliability of its information. Information technology administrators need to communicate securely within the corporate network, enterprise network or customer network provided by an ISP. Because confidential enterprise information may be involved, communication security is essential. The conventional way to meet the security requirement is to provide a separate connection by telephone or another personal communication device, which is both inconvenient and uneconomical.
Summary of the invention
Aiming at the problem that the prior art alone cannot achieve "whole network visible, illegal controllable, legal manageable", the present invention provides an ID-Nac system for a real-name ID network management platform.
To solve the above technical problem, the present invention adopts the following technical solution:
An ID-Nac system for a real-name ID network management platform is designed, including a first control module, a second control module, a third control module, a fourth control module and a CPU; the first, second, third and fourth control modules are communicatively connected to the CPU through a system bus;
The first control module includes four network protocol mode interfaces: DHCP, ARP, SNMP and RDP; IP address management tools: IPAM, network-wide IPAM and an IP matrix diagram; a Trunk mode management module and a VLAN mode management module; a fingerprint identification module for terminals and devices joining the network and a device self-registration module; an alarm and blocking module for illegal terminals and devices joining the network; a switch port management module, a network security threat locating module, a MAC/IP/switch port/host name binding module. The four network protocol mode interfaces of the first control module (DHCP, ARP, SNMP, RDP) are connected to different external interfaces as needed; the IPAM is integrated with the central virtual machine manager in the CPU to enable virtual IP address space management; the network-wide IPAM enables virtual IP address space management by connecting to the Internet; the IP matrix diagram is communicatively connected to the IPAM and the network-wide IPAM; the Trunk mode management module implements remote network management through an external relay; the fingerprint identification module for terminals and devices joining the network and the device self-registration module are communicatively connected at the back end of the four network protocol mode interfaces; the alarm and blocking module for illegal terminals and devices joining the network is provided with a signal detection circuit and an alarm circuit;
The second control module includes a user ID management module; AD domain, LDAP, Radius and SQL database; two login mode management modules: an AD domain single sign-on module and an automatic/manual domain account synchronization module; two user management modules: user self-registration and self-service management; visitor management and visitor Internet access authorization management; an IP address issuing module; a two-factor authentication module; user/MAC/IP/switch port/host name binding management. The user ID management module is mainly responsible for storing registered user IDs; the AD domain single sign-on module controls the operation of the AD domain and feeds the result back to the CPU;
The third control module includes a software distribution and remote assistance module; a USB flash drive disabling, read/write and extended control module; a software and hardware asset management and hardware resource anomaly alarm module; a terminal software, process, service, anti-virus and registry checking module; a terminal hardware checking and mobile terminal IMEI/IMSI/SN checking module; a Windows patch checking module; a module for preventing intranet/extranet interconnection and checking illegal external connections; a peripheral device management, control and information monitoring module;
The fourth control module includes a centralized security policy issuing module, a distributed data synchronization module, a data storage module, a data memory module, and a module by which multiple systems serve as disaster-recovery backups for one another.
Preferably, the operating systems of the ID network management platform are: Windows, Android, iOS, Linux.
Preferably, the CPU is a 64-bit system.
Preferably, the network address management of the IPAM and the network-wide IAM takes two forms: fixed network address management and dynamic network address management.
Preferably, the real-name network address allocation method is: register first, then allocate the network address after authentication.
Preferably, the user ID management module manages devices such as log audit devices, IPS and IDS devices, firewalls, switches, wireless access devices and traffic control devices by person, by department and by level.
The ID-Nac system for a real-name ID network management platform provided by the present invention has the following beneficial effects:
(1) It provides powerful automated network management technology that monitors the whole network in real time and discovers and accurately locates all kinds of devices; through graphics, images, reports and colours, it displays the dynamic and statistical information of the various network entities on the intranet, such as terminals, devices and IP addresses, in an intuitive and friendly way.
(2) It provides device and terminal admission control technology; unique device fingerprint identification effectively guards against privately connected routers and counterfeit devices joining the network; it is compatible with old and new switches of all kinds and helps users achieve the security-boundary-level management objective of "illegal controllable".
(3) Its terminal security management is lightweight, occupies few system resources and is provided in versions for several operating systems, compatible with Windows, Linux, Android, Apple and other systems. It offers practical terminal security management functions such as software and hardware asset management, USB flash drive control, peripheral control and software distribution.
(4) It has an integrated software and hardware architecture and is simple to deploy; bypass deployment does not change the network structure and does not depend on client software, and admission control is achieved for all kinds of complex networks.
(5) It suits large, medium and small customers; it supports hierarchical deployment across the whole network and provides centralized management, distributed deployment, dual-node hot standby and real-time network admission control.
Brief description of the drawings
Fig. 1 is a schematic diagram of the device of the present invention.
In the figure: first control module 1, second control module 2, third control module 3, fourth control module 4, CPU 5, system bus 6.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention.
An ID-Nac system for a real-name ID network management platform includes a first control module 1, a second control module 2, a third control module 3, a fourth control module 4 and a CPU 5; the first control module 1, the second control module 2, the third control module 3 and the fourth control module 4 are communicatively connected to the CPU 5 through a system bus 6, and the CPU 5 is a 64-bit system.
The first control module 1 includes four network protocol mode interfaces: DHCP, ARP, SNMP and RDP; IP address management tools: IPAM, network-wide IPAM and an IP matrix diagram; a Trunk mode management module and a VLAN mode management module; a fingerprint identification module for terminals and devices joining the network and a device self-registration module; an alarm and blocking module for illegal terminals and devices joining the network; a switch port management module, a network security threat locating module, a MAC/IP/switch port/host name binding module. The four network protocol mode interfaces of the first control module 1 (DHCP, ARP, SNMP, RDP) are connected to different external interfaces as needed; the IPAM is integrated with the central virtual machine manager in the CPU 5 to enable virtual IP address space management; the network-wide IPAM enables virtual IP address space management by connecting to the Internet; the IP matrix diagram is communicatively connected to the IPAM and the network-wide IPAM; the network address management of the IPAM and the network-wide IAM takes two forms: fixed network address management and dynamic network address management; the Trunk mode management module implements remote network management through an external relay; the fingerprint identification module for terminals and devices joining the network and the device self-registration module are communicatively connected at the back end of the four network protocol mode interfaces; the alarm and blocking module for illegal terminals and devices joining the network is provided with a signal detection circuit and an alarm circuit. The real-name network address allocation method is: register first, then allocate the network address after authentication.
The second control module 2 includes a user ID management module; AD domain, LDAP, Radius and SQL database; two login mode management modules: an AD domain single sign-on module and an automatic/manual domain account synchronization module; two user management modules: user self-registration and self-service management; visitor management and visitor Internet access authorization management; an IP address issuing module; a two-factor authentication module; user/MAC/IP/switch port/host name binding management. The user ID management module is mainly responsible for storing registered user IDs; the AD domain single sign-on module controls the operation of the AD domain and feeds the result back to the CPU 5.
The third control module 3 includes a software distribution and remote assistance module; a USB flash drive disabling, read/write and extended control module; a software and hardware asset management and hardware resource anomaly alarm module; a terminal software, process, service, anti-virus and registry checking module; a terminal hardware checking and mobile terminal IMEI/IMSI/SN checking module; a Windows patch checking module; a module for preventing intranet/extranet interconnection and checking illegal external connections; a peripheral device management, control and information monitoring module;
The fourth control module 4 includes a centralized security policy issuing module, a distributed data synchronization module, a data storage module, a data memory module, and a module by which multiple systems serve as disaster-recovery backups for one another. The operating systems of the ID network management platform are: Windows, Android, iOS, Linux. The user ID management module manages devices such as log audit devices, IPS and IDS devices, firewalls, switches, wireless access devices and traffic control devices by person, by department and by level.
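The allocation order given above (register first, then authenticate, then allocate the address) combined with the user/MAC/IP/switch port/host name binding can be expressed in code as follows. This is an added example, not code from the patent: the class and method names, the address pool and the sample device values are all assumptions.

```python
import ipaddress
from dataclasses import dataclass


def norm_mac(mac: str) -> str:
    """Canonicalise a MAC so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")


@dataclass(frozen=True)
class Binding:
    user: str
    mac: str
    ip: str
    switch_port: str
    hostname: str


class AdmissionController:
    """Hypothetical model: register -> authenticate -> allocate -> enforce binding."""

    def __init__(self, pool_cidr: str):
        self._free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self._registered = {}        # mac -> real-name user ID
        self._authenticated = set()  # MACs that passed authentication
        self._bindings = {}          # mac -> Binding

    def register(self, user: str, mac: str) -> None:
        self._registered[norm_mac(mac)] = user

    def authenticate(self, user: str, mac: str, credentials_ok: bool) -> bool:
        # credentials_ok stands in for the AD/LDAP/Radius and two-factor result.
        mac = norm_mac(mac)
        if self._registered.get(mac) != user or not credentials_ok:
            return False
        self._authenticated.add(mac)
        return True

    def allocate(self, mac: str, switch_port: str, hostname: str) -> Binding:
        # No address is handed out until both earlier steps have succeeded.
        mac = norm_mac(mac)
        if mac not in self._registered:
            raise PermissionError("device not registered")
        if mac not in self._authenticated:
            raise PermissionError("device not authenticated")
        if mac in self._bindings:
            return self._bindings[mac]
        if not self._free:
            raise RuntimeError("address pool exhausted")
        binding = Binding(self._registered[mac], mac, self._free.pop(0),
                          switch_port, hostname.lower())
        self._bindings[mac] = binding
        return binding

    def check(self, mac: str, ip: str, switch_port: str, hostname: str):
        """Compare an observed endpoint with its binding; return (verdict, reasons)."""
        binding = self._bindings.get(norm_mac(mac))
        if binding is None:
            return "block", ["no_binding"]
        observed = {"ip": ip, "switch_port": switch_port,
                    "hostname": hostname.lower()}
        mismatches = [k for k, v in observed.items() if getattr(binding, k) != v]
        return ("block", mismatches) if mismatches else ("allow", [])


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    nac = AdmissionController("10.0.0.0/29")
    nac.register("u1001", "AA-BB-CC-00-11-22")
    nac.authenticate("u1001", "AA-BB-CC-00-11-22", credentials_ok=True)
    b = nac.allocate("AA-BB-CC-00-11-22", "Gi1/0/7", "ws-042")
    print(b)
    print(nac.check(b.mac, b.ip, "Gi1/0/9", "ws-042"))  # same device, moved port
```

A "block" verdict with its list of mismatched fields is the input an alarm and blocking step would act on; a device with no binding at all is reported as `no_binding`.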
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solution and inventive concept, shall be covered by the scope of protection of the present invention.

Claims (6)

1. An ID-Nac system for a real-name ID network management platform, characterized in that it includes a first control module (1), a second control module (2), a third control module (3), a fourth control module (4) and a CPU (5); the first control module (1), the second control module (2), the third control module (3) and the fourth control module (4) are communicatively connected to the CPU (5) through a system bus (6);
The first control module (1) includes four network protocol mode interfaces: DHCP, ARP, SNMP and RDP; IP address management tools: IPAM, network-wide IPAM and an IP matrix diagram; a Trunk mode management module and a VLAN mode management module; a fingerprint identification module for terminals and devices joining the network and a device self-registration module; an alarm and blocking module for illegal terminals and devices joining the network; a switch port management module, a network security threat locating module, a MAC/IP/switch port/host name binding module; the four network protocol mode interfaces of the first control module (1) (DHCP, ARP, SNMP, RDP) are connected to different external interfaces as needed; the IPAM is integrated with the central virtual machine manager in the CPU (5) to enable virtual IP address space management; the network-wide IPAM enables virtual IP address space management by connecting to the Internet; the IP matrix diagram is communicatively connected to the IPAM and the network-wide IPAM; the Trunk mode management module implements remote network management through an external relay; the fingerprint identification module for terminals and devices joining the network and the device self-registration module are communicatively connected at the back end of the four network protocol mode interfaces; the alarm and blocking module for illegal terminals and devices joining the network is provided with a signal detection circuit and an alarm circuit;
The second control module (2) includes a user ID management module; AD domain, LDAP, Radius and SQL database; two login mode management modules: an AD domain single sign-on module and an automatic/manual domain account synchronization module; two user management modules: user self-registration and self-service management; visitor management and visitor Internet access authorization management; an IP address issuing module; a two-factor authentication module; user/MAC/IP/switch port/host name binding management; the user ID management module is mainly responsible for storing registered user IDs; the AD domain single sign-on module controls the operation of the AD domain and feeds the result back to the CPU (5);
The third control module (3) includes a software distribution and remote assistance module; a USB flash drive disabling, read/write and extended control module; a software and hardware asset management and hardware resource anomaly alarm module; a terminal software, process, service, anti-virus and registry checking module; a terminal hardware checking and mobile terminal IMEI/IMSI/SN checking module; a Windows patch checking module; a module for preventing intranet/extranet interconnection and checking illegal external connections; a peripheral device management, control and information monitoring module;
The fourth control module (4) includes a centralized security policy issuing module, a distributed data synchronization module, a data storage module, a data memory module, and a module by which multiple systems serve as disaster-recovery backups for one another.
2. The ID-Nac system for a real-name ID network management platform according to claim 1, characterized in that the operating systems of the ID network management platform are: Windows, Android, iOS, Linux.
3. The ID-Nac system for a real-name ID network management platform according to claim 1, characterized in that the CPU (5) is a 64-bit system.
4. The ID-Nac system for a real-name ID network management platform according to claim 1, characterized in that the network address management of the IPAM and the network-wide IAM takes two forms: fixed network address management and dynamic network address management.
5. The ID-Nac system for a real-name ID network management platform according to claim 1, characterized in that the real-name network address allocation method is: register first, then allocate the network address after authentication.
6. The ID-Nac system for a real-name ID network management platform according to claim 1, characterized in that the user ID management module manages devices such as log audit devices, IPS and IDS devices, firewalls, switches, wireless access devices and traffic control devices by person, by department and by level.
CN201711099563.0A 2017-11-09 2017-11-09 A kind of ID-Nac system of real name ID network management platform Pending CN109768872A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711099563.0A CN109768872A (en) 2017-11-09 2017-11-09 A kind of ID-Nac system of real name ID network management platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711099563.0A CN109768872A (en) 2017-11-09 2017-11-09 A kind of ID-Nac system of real name ID network management platform

Publications (1)

Publication Number Publication Date
CN109768872A true CN109768872A (en) 2019-05-17

Family

ID=66449774

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711099563.0A Pending CN109768872A (en) 2017-11-09 2017-11-09 A kind of ID-Nac system of real name ID network management platform

Country Status (1)

Country Link
CN (1) CN109768872A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113783724A (en) * 2021-08-27 2021-12-10 国网江苏省电力有限公司南通供电分公司 Terminal access monitoring early warning platform
EP4246889A1 (en) * 2022-03-14 2023-09-20 Juniper Networks, Inc. Closed-loop network provisioning based on network access control fingerprinting


Similar Documents

Publication Publication Date Title
US9736152B2 (en) Device blocking tool
US8484705B2 (en) System and method for installing authentication credentials on a remote network device
US8806607B2 (en) Unauthorized data transfer detection and prevention
US9553891B1 (en) Device blocking tool
US7849309B1 (en) Method of securing network access radio systems
US20060095961A1 (en) Auto-triage of potentially vulnerable network machines
US20070177615A1 (en) Voip security
CN106792684B (en) Multi-protection wireless network safety protection system and protection method
JP2006522420A (en) Network security system based on physical location
US8091119B2 (en) Identity based network mapping
US8103756B2 (en) Network access device capability alert mechanism
US20200382500A1 (en) Methods, systems, and computer readable mediums for securely establishing credential data for a computing device
CN105282157A (en) Secure communication control method
US20140330969A1 (en) System and Method for As Needed Connection Escalation
CN109768872A (en) A kind of ID-Nac system of real name ID network management platform
CN103139056B (en) A kind of security gateway and the exchange method of a kind of network data
CN104113453A (en) Method and system for monitoring and alarming abnormal parallel accessing of local area network
US9628480B2 (en) Device blocking tool
CN105099849B (en) A kind of method for building up and equipment in the tunnels IPsec
CN109922058B (en) Intranet protection method for preventing illegal access to intranet
US8477747B1 (en) Automatic capture of wireless endpoints for connection enforcement
US10873607B1 (en) Logical network abstraction for network access control
KR20120058670A (en) Unified gateway device for providing dbtabase security
CN106100889A (en) The Enhancement Method of a kind of snmp protocol safety and device
CN103763120A (en) Network terminal management method based on SNMP

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190517
