The Design and Implementation of Trusted Terminal Access Control System

【Author】 王杨

【Advisors】 许梅; 春增军

【Author information】 Harbin Institute of Technology, Software Engineering, 2012, Master's

【Abstract】 As enterprises in China become increasingly information-based, the vast majority face growing security threats to their business operations and information assets. Although enterprises increase their investment in information security protection year after year, they remain unable to guard against the ever-growing problems of malicious code and malicious attacks by hackers; they are still in a very passive position, and active defense is out of the question. Information security has no value without a clearly defined object and scope of protection. An enterprise's internal organizational information, employee information, customer information, and the materials and data of its business partners are the foundation on which it survives, and all are important assets that need protection. Most of the security threats an enterprise faces come from inside, and the great majority of these are caused by illegal and non-compliant operations of various kinds within the organization; almost all enterprise managers are troubled by the security and management of enterprise terminals.

This thesis takes the trusted terminal access control system construction project of China Guangdong Nuclear as its data source and basis. Following the basic processes and requirements provided by China Guangdong Nuclear, it carries out requirements research and analysis, identifies the key problems in the group's internal terminal management, and derives the final functional and performance requirements of the trusted terminal access control system. On that basis, it implements step by step the planned multiple identity verification of terminals and mandatory terminal integrity checking, and optimizes trusted computing for terminal access, solving in practice the problem of difficult internal terminal management.

The trusted terminal access control system is mainly used for the management, access management, integrity checking and trusted computing of computer terminals on the enterprise's internal network. The system first performs dual identity authentication of the terminal through the identity authentication subsystem, including network identity authentication, system identity authentication and hardware device authentication. During terminal access authentication, the mandatory integrity check subsystem checks the terminal's operating system patches, antivirus software and required software set; this is the mandatory integrity check. Through terminal trusted computing, the system performs system file integrity verification, registry integrity verification and process signing on the terminal, so that terminals connecting inside the enterprise are trusted, enterprise information security is safeguarded, and the enterprise's level of informatization is raised.

  • 【Classification No.】TP273
  • 【Downloads】82