Network Identity Authentication Technology and Its Application in Firewalls
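Abstract
The openness and commercialization of the Internet have led more and more local area networks to join it. While sharing network resources brings great benefits, the openness of the network also brings security problems such as system intrusion, so how to protect one's own local area network on the open Internet has become a matter of concern. As one of the important means of safeguarding LAN security, the firewall plays an important role. Identity authentication is not only the firewall's first security barrier but also the foundation of other security services, so building a unified, secure and reliable identity authentication system is of great significance.
This thesis analyzes in depth the theory and technology of network identity authentication. It mainly introduces the current state and development trends of message authentication and user identity authentication in network security, gives a comprehensive evaluation of the various authentication mechanisms and schemes, and on that basis designs and implements a firewall-based identity authentication system. The system has the following characteristics: because the authentication system uses a distributed architecture in its design and, in its implementation, separates the authentication mechanism from the protocol, it is highly flexible, highly extensible, and easy to integrate with new authentication technologies; the introduction of X.509 public-key certificates and the use of authentication protocols based on public-key cryptography further improve the system's security and extensibility, making it particularly suitable for firewalls that authenticate users over the Internet; the implementation of one-time authentication of user identity (Single Sign-On) solves the problem of repeated authentication and improves the overall security and efficiency of the system; and, by installing an agent program on the client, the system is fully compatible with the characteristics of the user's existing network system.
Keywords: identity authentication, firewall, public key infrastructure, agent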
Network Authentication Technology and Its Application in Firewalls
Abstract:
With the opening and commercialization of the Internet, more and more intranets have been connected to it. While sharing network resources brings great benefits, the openness of the network also exposes systems to security problems such as intrusion. How to protect an intranet on the open Internet has therefore become a critical issue. Firewalls play an important role in protecting intranets. Authentication is not only the firewall's first line of defense but also the basis of other security services, so it is important to build a unified and secure authentication system.
This paper thoroughly analyzes the theory and technology of network authentication. It introduces the present situation and development trends of information authentication and user authentication in network security. Based on an analysis and comparison of different authentication systems, the author designed a firewall-based authentication system. This authentication system has the following features: since it was designed with a distributed architecture and was implemented by separating the authentication mechanism from the protocol, the system is highly flexible and makes it easy to integrate new authentication technologies; the introduction of X.509 public key certificates and the application of public key authentication protocols have greatly enhanced the system security and extending ab