Cache password-based network equipment security access system and working method thereof

Abstract

The invention discloses a cache password-based network equipment security access system and method. The system is provided with a bastion host server, an AAA server, a log analysis server, a client and managed network equipment, wherein the structures of the bastion host server and the AAA server are respectively improved. The system is innovatively characterized in that a bastion host server caches an account and a password of a client user and forwards the account and the password to an AAA server for authentication; and the traditional local storage and local authentication mode of accountpassword and authority setting of the network equipment is replaced. The cache password is transmitted in an encrypted manner. The managed network equipment only allows the user to access after passing the authentication of the cache password, so that the security and reliability of the login account password of the network equipment can be enhanced and ensured. The AAA server realizes centralizedmanagement of local authentication information dispersed in numerous network devices. The user management authority is finely divided, and the user behavior is limited in a legal management control range, so that the security of the network equipment is ensured.

Description

technical field [0001] The present invention relates to a system and working method for secure access to network equipment based on cached passwords, which is used to solve the problem of password leakage caused by the traditional mechanism of local storage and local authentication of network equipment account passwords in the prior art in the existing IP network The defects of high risk, uncontrollability, and difficulty of accountability; and when using the bastion machine management method, there are also many shortcomings of uncontrollable, out-of-sync, and reversible passwords. The invention adopts the AAA identity authentication mode to replace the traditional local authentication mode, and replaces the traditional user account password with the cached password, and also sets the user management authority in the AAA server, so that the division of user management authority is more convenient and the network equipment is more secure. It belongs to the technical field of n...

AI Technical Summary

Problems solved by technology

[0009] 1. The administrator's management of account passwords does not meet the basic requirements that network equipment should be protected by different network security levels; and account passwords are easy to leak, with high risks, and once leaked, the scope of influence is large and the loss is serious

[0010] 2. Multiple users use the same account and password, which makes it impossible to effectively control and distinguish whether each user can manage their own different network devices; and it is also difficult to distinguish and divide the management of different users for the same network device

Once a security incident occurs, it is difficult to locate the actual user and responsible person of the account

[0011] 3. When different network devices are independently audited, the audit logs of each network device will have different content and differe

Images