| Along with the rapid prevalence of the Internet, the new age of information security is fast becoming a matter of what is built into the box to give approved users access. while the traditional security solutions usually focused on the network border, consequently the internal network security is often underestimated by its administrators, to solve this problem, an advanced internal network security audit system is developed. As one of this project's most important sub-system: network communication behavior monitoring system, which is devised to be responsible for manipulating the action of network-related applications according to the security strategy.This paper presents an analysis of various techniques that can be used to filter network data and network packets based on Windows 2000(/XP) network architecture. furthermore, this paper proposes an alternative three-layer filter model: from user mode down to kernel mode, implemented by applying Winsock 2 SPI,TDI filter driver as well as NDIS intermediate driver packet filtering technology. which overcame the shortcoming during capturing packet in kernel mode or user mode only, enlarged the management range of network data, improved system security greatly. To go a step further, this paper also discusses the development process of packet filtering system on Linux 2.4 platform. In short, the results indicate that this network communication behavior monitoring system performs well and it has both practical value and research value. |
PDF Full Text Request