Title :
A Security Architecture for Intranet Based on Security Area Division
Author :
Fuxiang, Gao ; Sha, Li ; Xiaolu, Wang ; Lan, Yao
Author_Institution :
Coll. of Inf. Sci. & Eng., Northeastern Univ. (NEU), Shenyang, China
Abstract :
Aiming at the security requirements of the Intranet, which differ from those of the Internet, a security architecture for the Intranet is proposed. At the physical layer and data link layer, the intranet is divided by means of network switches into several parts that are separated from each other as required. At the network layer, a NAT gateway integrated in a virtual server hides the intranet or a part of it to ensure its security, while the other parts of the intranet can still securely access the hidden resources. A reliable IP address management and distribution mechanism keeps IP addresses from being stolen or abused. At the application layer, a bi-directional proxy server separates each part of the Intranet, but hosts can still access each other based on application and user authority. Security switches connect the separate parts of the Intranet and carry out network access control based on application and user authorization control. The security architecture focuses on guaranteeing the security of the intranet inside the traditional network boundary, and provides a foundation framework for Intranet security that can ensure the reliability, usability, confidentiality, integrity, and maneuverability of the Intranet.
Keywords :
IP networks; Internet; authorisation; computer network management; computer network security; data integrity; data privacy; intranets; network servers; telecommunication switching; IP address management; Internet; Intranet confidentiality; Intranet integrity; Intranet maneuverability; Intranet reliability; Intranet usability; NAT gateway; bi-directional proxy server; data link layer; distribution mechanism; intranet; network access control; network switch; physical layer; security architecture; security area division; security switch; user authorization control; virtual server; Access control; Authorization; Bidirectional control; Data security; Internet; Network address translation; Network servers; Physical layer; Switches; Web server; Bi-directional Pro; IP Address Management; NAT Gateway; Network Security;
Conference_Title :
Intelligent Information Technology and Security Informatics (IITSI), 2010 Third International Symposium on
Conference_Location :
Jinggangshan
Print_ISBN :
978-1-4244-6730-3
Electronic_ISBN :
978-1-4244-6743-3
DOI :
10.1109/IITSI.2010.33