Research And Realization Of Monitor Technology On Illegal External Link Of Classified Computer

In order to ensure the security of the classified network, the main measures used currently is to isolate the classified network from external network, it provides a safety boundary between the classified network and external network which reduces security threats from external network. However, there are many security risks in the classified network, the problem of classified network security caused by illegal external link of classified computer becomes increasingly serious. Using the monitor technology can monitor and break the illegal external link behavior in the classified network and ensure the security of the classified network.First of all, the paper discusses the research background and the current research status of monitor technology on illegal external link at home and abroad, then describes the function and implementation of the related monitor products, and makes a research on the common methods of illegal external link and related technologies. Then makes analysis and comparison on monitor technology on illegal external link which based on packet detection mechanism inside the network and client monitoring mechanism.In addition, the thesis explored deeply into the monitor technology on illegal external link based on the NIC method. Based on the front research, the paper designed a complete monitor system on illegal external link, and gived the design details and implementation of each modul in the system.The paper focuses on the research and implementation on client process protection technology and real-time alarm technology which is difficult to solve in the traditional monitor system on illegal external link. The system improved the performance of the client's hidden through the way which used the svchost system process loaded client process, and used process protection mechanisms to ensure the safety of the client. Further more, the system used SMS alarm method to improve real-time alarm capacity compared to the traditional alarm methods such as web alarm method and email alarm method. Finally, the test is taken on the system both in functionality and performance, the result of test shows that the system has good usability and stability.