
The Design And Realization Of The Internal Network Of Early Warning Systems

Posted on: 2009-10-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y Tian
Full Text: PDF
GTID: 2208360245461713
Subject: Information security
Abstract/Summary:
The threat model for external network security assumes that the internal network is always safe and trustworthy, and that all threats come from the outside network, mainly through the perimeter egress points between the internal and external networks. The internal-network threat model, by contrast, is more comprehensive and detailed. It assumes that no terminal, user or network segment inside the internal network is safe or trustworthy. Threats may come from outside or from any point within the internal network. Under this threat model, more detailed security control and management is needed for every component and participant.

The internal-network security monitoring and audit management system aims to provide a uniform layout for the internal network's security architecture. It helps the enterprise build a three-dimensional information leak-prevention system and monitor employees' working conditions through fine-grained security control measures, resulting in a manageable, controllable and trustworthy internal network and improved enterprise productivity. The system can monitor the security status of every personal computer in the internal network and log unacceptable behavior for the administrator to manage.

The internal-network security monitoring and audit management system introduced in this thesis consists of a monitor sub-system, network-monitor sub-system, sub-control sub-system, control sub-system and transport sub-system. This thesis describes the system architecture, the interfaces and the main modules of the monitor sub-module.

The thesis researches and discusses the most important and complex module, the File Operation Monitor, with particular attention to the techniques for implementing it. The Windows file system filter driver technique was ultimately chosen for our system. The thesis describes the whole process of applying this technique, including how the practical problems encountered along the way were resolved, and then discusses how the File Operation Monitor is integrated into our system.
Keywords/Search Tags:Intranet Monitor, File Operation Monitor, Device Driver, Filter Driver, API Hook