| Because of the convenience of external storage devices, CD-ROM, Floppy drive, USB devices and other external devices are widely used. It makes the allocation of resources more reasonable and the enterprises run more efficient but also bring in some security problems. Therefore, external devices monitoring is important for the intranet security.Most of the researches aboard on external devices monitoring use Windows registry in user layer and API hook technology in file driver layer. In this dissertation, the anthor deviates from them and uses the filter driver in kernel mode of Windows systems to achieve the external devices monitoring. This dissertation is the author's summary of the theory and implementation after joining in the development of an intranet security managenment subject. The external devices monitoring module is made up of CD-ROM monitoring module,Floopy driver monitoring module, other devices monitoring module and Log Audit module.Research on the WDM Driver Model,this dissertation has designed and realized the access control of CD-ROM and Floopy driver, not only provides completely forbidding mode, but also the read, written mode and so on.It can fit all kinds of users'demands. And the access control is in the kernel mode, can takes little time to run. Based on this monitoring module, adding the Log Audit module that can collect and store logs of CD-ROM,Floopy driver and other devices in time. It also can query and analyse logs, and provides a management interface for users. Finally, functional test were carried on. Now, each module runs on the security platform steadily. |
PDF Full Text Request