
An access control system for security audit and control of server remote access session using encryption communication protocol


Abstract

The present invention relates to an access control system for security audit and control of a server remote access session based on an encryption communication protocol. The system controls access in accordance with a security policy when a user uses an encryption communication protocol (SSH, SFTP) to remotely access a server and perform a job for security management of the server in which the main information of an institution is loaded, and it stores the job history for a subsequent audit. The access control system comprises: a server handler that, when a message of a communication application is hooked by a network hooking driver installed in a user terminal, receives the hooked message, performs key distribution with the communication application, and decrypts the hooked message; a security policy inspection unit that determines whether to permit server access by the communication application and analyzes the decrypted message in accordance with the security policy to determine whether to permit that message; and a client handler that performs key distribution with the server when server access by the communication application is permitted and, when a message of the communication application is permitted, encrypts that message with a key of the access control system and transmits the encrypted message. With this access control system, when an encryption communication protocol (SSH, SFTP) is used to access a remote server, the encrypted communication information is decrypted to perform security inspection and the communication is relayed to control remote access, which cannot be executed in a parameter form, to improve convenience and strengthen security.
