| The problem of network security turns to be more critical than ever as the drastic growth of the Internet and the speedup of modernization in China. It is urgent to establish a set of network security assurance system. However the popular network firewall, intrusion detection system and encryption application technologies commonly emphasized on the prevention of outside intrusion and the behavior from insiders is less considered, so network security accidents such as the unauthorized disclosure of secret occurred frequently. The network security audit system can discover and prevent the inside misuse by recording and checking the behavior of network access. Thus it is meaningful to study and develop the network security audit system.In this paper studies are made on the technology related to the network security audit system. Moreover, a design and implementation of the network security audit system based on the sniffer technology is given out aiming at the enterprise network of medium and small scale.The main content of this paper is as follows:(1) The research background, meaning and goal of the network security audit system are introduced. The relevant technologies of the network security audit system including system architecture, data source, and network service control are studied. Then, this paper analyses several network security audit systems.(2) The function requirement aiming at the enterprise network of medium and small scale and the architecture of the network security audit system is defined. And every part of the system design including data collection, data analysis and processing, network service control, and user interface is detailed described. The relevant key technologies including data collection and storing policies, data analysis and processing are also given out in detail according to the system functions. Then based on the actual need of the network security audit system, the corresponding solutions are described one by one.(3) The detailed analysis of data packet in TCP/IP protocol suite is given out. On the basis of it, a layered protocol analysis module is designed and realized in this paper. In this module, the paper analyses and compares three common session rebuilding technologies. The standard interfaces and the clear layers makes the module is used and extended easily.(4) The general implementation model of the network security audit system, the function and implementation methods of every sub-system are presented. The implementation of the system provides a good platform for the enterprise network managers who working on the actual enterprise network. By setting the system parameters, the enterprise network managers can use this system in the different enterprise network environment.(5) Finally, the test environment and results of the network security audit system are described. Furthermore, the thesis analyses the performance and capability of the... |
PDF Full Text Request