Network admission control method and system

Abstract

The invention provides a network admission control method and system, and relates to the technical field of network security, and the method comprises the steps: detecting a real-time online terminalin a network; performing security auditing on the real-time online terminal according to a basic database; if the real-time online terminal passes the security auditing, permitting the real-time online terminal to access the network; if the real-time online terminal does not pass the security audit, performing security authentication on the real-time online terminal according to the basic data if the real-time online terminal passes the security authentication, permitting the real-time online terminal to access the network, and setting a first access permission; if the real-time online terminal does not pass the security authentication, performing security evaluation on the real-time online terminal according to the basic data if the real-time online terminal passes the securityevaluation, permitting the real-time online terminal to access the network, and setting a second access permission; and if the real-time online terminal does not pass the security assessment, refusingthe real-time online terminal to enter the network. According to the invention, multiple verification is carried out on the authenticity of the user identity and the terminal risk, network admissioncontrol and access permission acquisition are realized, and the network security is improved.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a network access control method and system. Background technique [0002] With the development and integration of computer technology and network communication technology, terminal security management is becoming more and more important for every enterprise. A good terminal security control technology can ensure that the security policy of the enterprise is truly implemented and effectively control various Illegal security incidents, to the greatest extent contain the repeated malicious attacks and damages in the network. At present, in enterprise networks, user terminal computers do not update system patches and virus databases in time, set up proxy servers privately, access external networks privately, and abuse enterprise software to disable behaviors abound. Once a vulnerable user terminal is connected to the network, the It is equivalent to opening the door to pote...

AI Technical Summary

Problems solved by technology

However, because the current data collection method is relatively simple, the amount of collected data is small but not comprehensive enough, which leads to loopholes in network access control and cannot effectively guarantee network security.

Although the traditional way of installing additional agents for data collection increases the amount of collected data, the operation is more complicated, and the increase in equipment also increases the corresponding security risks

Images