| 摘要 |
<p>An access control method, device and system. The access control method comprises: a policy management device receiving a network data flow control behavior request from a network traffic processing device, and obtaining an attribute value of the network data flow from the request; determining a security domain of the network data flow according to the attribute value of the network data flow; searching, according to the security domain, for a corresponding control policy based on a network data flow attribute, and determining a control behavior on the network data flow according to the found control policy and the attribute value of the network data flow; and sending the control behavior to the network traffic processing device, so that the network traffic processing device processes the network data flow according to the control behavior. By means of the foregoing manner, the present invention does not depend on a virtual port of a network isolation technology or the network isolation technology supported by a security device, so that multiple users share one security device and separately apply their security strategies without mutual influence.</p> |
