Terminal-based network access control system

Abstract

The invention provides a terminal-based network access control system. The terminal-based network access control system comprises a network access control module, a network limit module and a network card middle layer filtering driving module, wherein the network access control module performs network authentication according to the identity of a user to determine whether to allow terminal equipment used by the user to connect a network; the network limit module is used for analyzing a network access control policy transmitted by a server, converting the network access control policy into an access control list and distributing the access control list to the network card middle layer filtering driving module; and the network card middle layer filtering driving module is used for filtering data frames received by a network card of the terminal equipment to intercept network access action forbidden in the network access control policy. By the system, network access actions to a computer can be limited at a terminal, and different computers or users can only access to appointed networks. Under the condition that the safety state of the user is changed, the user can be isolated in an appointed network area, and influence to others is prevented.

Description

【Technical Field】 [0001] The invention relates to the field of computer communication, in particular to a terminal-based network access control system. 【Background technique】 [0002] Traditional network isolation technology control is generally achieved by configuring switches or firewalls. It has high hardware requirements and poor compatibility. When user access rights need to be dynamically changed, frequent switches need to be set, and most switches Distributed, it is very troublesome to configure, and the configuration of a large number of ACLs (access control lists) on the switch or firewall will affect the performance of the switch, resulting in a decrease in network performance. Some non-network management switches cannot support this type of configuration; at the same time, for users If you connect an external 3G network card or wireless network card to access the Internet, you cannot configure a switch or firewall to limit network access and control network traffic. [...

AI Technical Summary

Problems solved by technology

[0002] Traditional network isolation technology control is generally implemented by configuring switches or firewalls, which has high hardware requirements and poor compatibility. When user access rights need to change dynamically, frequent switch settings must be set, and switches are mostly Scattered, it is very troublesome to configure, and configuring a large number of ACLs (Access Control List) on the switch or firewall will affect the performance of the switch, resulting in a decrease in network performance, and some non-network management switches cannot support such configurations; at the same time, for users External 3G network card or wireless network card and other Internet access methods, it is impossible to restrict network access and control network traffic by configuring switches or firewalls

[0003] In the traditional network isolation technology, if it is necessary to limit the access rights of a certain terminal to the network, it is necessary to configure the firewall, or the ACL table or VLAN (Virtual Local Area Network) of devices such as switches. Frequently changing the configuration of the switch or firewall increases the pressure on the hardware and also brings difficult...

Images