Bypass authentication and audit method

Abstract

The invention discloses a bypass authentication and audit method. The bypass authentication and audit method comprises steps that (1), authentication and audit equipment is accessed to a three-layer switch or a router and realizes network isolation from a user terminal; step (2), a port mirror image function of the three-layer switch or the router is utilized, and networking data of a user is transferred to the authentication and audit equipment in a mirror image mode; step (3), the direction of the data is determined by the authentication and audit equipment according to an MAC address of a gateway of a user; and step (4), a network access request of the user is analyzed by the authentication and audit equipment, and the authentication and audit function for the user data is further carried out. The method is advantaged in that the user can be prevented from changing the network topological structure, and reconstruction cost of the user is reduced; equipment performance requirements of the user during use are reduced, and cost is reduced; when the equipment being used by the user is in a fault, only the authentication and audit function fails, and normal network access of the user is not influenced.

Description

technical field [0001] The invention relates to a bypass authentication and audit method. Background technique [0002] With the popularity of public networks, network security has become more and more important. During network deployment, there are more and more requirements for certification and auditing, including the re-deployment and reconstruction of many existing existing networks. The realization of the authentication and auditing function must rely on the data flow of the user's access network, and realize the authentication and auditing by controlling or intercepting the user's online data. During the transformation of the existing network, reducing transformation costs, reducing maintenance manpower and performance requirements have become the primary selection criteria for customers. At present, there is a solution to achieve the above functions: embed the authentication and audit equipment into the live network, that is, control the original data flow of the t...

AI Technical Summary

Problems solved by technology

At present, there is a solution to achieve the above functions: embed the authentication and audit equipment into the live network, that is, control the original data flow of the terminal, and embed the equipment into the backbone network where the user accesses the network. Because the user's data flow needs to be forwarded by the device, it can be By intercepting the user's http request to achieve the purpose of http authentication, the data stream can be directly copied to the user state to collect audit data. When this solution is used, it needs to change the network structure of the existing network and consume a lot of unnecessary manpower. Moreover, the forwarding performance requirements of the equipment are very high, and the cost is high. When the equipment fails, it will cause the network to be paralyzed. It is also necessary to consider whether to be the master or backup, which will bring disadvantages to people.