| With the deepening of global information degree, network in people’s daily life andwork becomes necessary. In order to coordinate with the work and storage theconfidential information, more and more enterprises, institutions and the governmentare set up their own Intranet, which makes work more convenience. But thevulnerability of the Intranet and the Intranet’s information is easy to carry, which makethe spills of information occurred frequently and become a problem which trouble a lotof institutions. Looking for a reasonable and reliable protection scheme of Intranet’sinformation becomes a problem that can not to be ignored when the institutions considerhow to have the healthy development.At present, the functions of most security products are single and targeted, andwhat they do is only protect the information by passwords, which is difficult to meet awide range of safety requirements of the enterprises, institutions and government andhard to manage the passwords. And a few of multi-function safety products are overlyrestrictive, which reduce the performance of the computers and Intranet and make workmore inconvenience. How to protect the Intranet’s information and avoid the spills inthe Intranet environment has become a very important research content.Public key infrastructure technology, use the cryptography algorithm and messagedigest, and to ensure the truthfulness, completeness, confidentiality and non-repudiationof the information. Besides, it established the certification authority and digitalcertificate on the basis of the modern cryptography, which can provide different securityservices for different users.In order to meet the demand of the safety of the Intranet’s information, at the sametime better play to the performance of the Intranet, this thesis draws up a solution thathow to protect the safety of the Intranet’s information after researching many Intranetsecurity problems and technology and analyzing the demand of the Intranet’s security.This solution is basic on the public key infrastructure structure, and the file filteringtechnology improved the data encryption protection, the security audit technologysupplied the function of checking. Besides, the solution add the identify level innovatively, the certification authority publish different level digital certificate fordifferent identify level in order to manage different users and protect differentinformation. Finally, on basic of this solution, the prototype system has beenimplemented, and has been test from identity authentication, data encryption, accesscontrol, safety audit and terminal management and other security strategy. And thereading speed, writing speed and transmission speed of the system has also been test.Test result shows the system has its function advantage. And what the system gives up isthe operation delay that the user can bear. The system fully coordinated by the Intranet’ssecurity needs and the performance’s demands, so it has certain practical value. |