Access control method and system based on security state of terminal host

Abstract

The invention discloses an access control method based on a security state of a terminal host. The method comprises the following steps: judging an access state of an access terminal accessing network resources so as to judge to directly switch the access terminal to a network access device or enable the access terminal to enter an admission stage, wherein the admission stage comprises management registration, registration audit, security detection, authentication and authority management. According to the access control method disclosed by the invention, the objectives of device security, personnel security and network resource access security are achieved in stages, and the device network access flows are refined; the network access flows are more accurate by a plurality of states, accurate network access control of devices in different states is realized, and differential control of different users of different devices is realized.

Description

technical field [0001] The invention relates to the field of network security and access control, in particular to an access control method and system based on the security state of a terminal host. Background technique [0002] The current access control field is in accordance with 7 In terms of layer protocol division, it is mainly divided into access layer access control and network layer based on IP Access control, access layer control mainly includes 802.1x certified, but 802.1x There are certain defects in certification, on the one hand, due to 802.1x It is based on port-level authentication. Once the authentication is passed, no further access control can be done, causing certain security problems. On the other hand, if the port is connected to NAT equipment, as long as NAT If one terminal passes the authentication, the rest of the terminals are considered safe, and precise access control cannot be realized. However, access control at the netw...

AI Technical Summary

Problems solved by technology

[0002] The current access control domain is in accordance with 7 In terms of layer protocol division, it is mainly divided into access layer access control and network layer based on IP Access control, access layer control mainly includes 802.1x certified, but 802.1x There are certain flaws in certification, on the one hand due to 802.1x It is based on port-level authentication. Once the authentication is passed, no further access control can be done, causing certain security problems. On the other hand, if the port is connected to NAT equipment, as long as NAT If one terminal passes the authentication, the rest of the terminals are considered safe, and precise access control cannot be realized. However, access control at the network layer mainly includes PORTAL certified, PORTAL Authentication is easy to use, but there are also some disadvantages. It is impossible to judge the legality of the access device, but only to verify the legality of the user. Therefore, it is easy to cause the device itself to be insecure or have loopholes and viruses that threaten the network.

Images