Design And Implementation On Network Content Audit

As the internet has been borned,there are many problems and challenges in the security field that man must faced.Especially in recent years,internet has come into the every aspect of the people. It requires more efficacious measures to ensure that the internet is safely.the internet context audit is the foundation of the security,so many experts have taken more attention on it.And the researchs on it have more and more maturated.Although internet information is one part of the information system,it has all kinds of technology include all kinds of arrangement and all kinds of category.And the same time the security of the information and compute information audit is not only a technology problem.At this aspect man and criterion system are more important than technology.This aricle bases on the internet content audit system of the middle-little enterprise.The system provides the following functions:1,Powerful session recur. We can recur the application layer protocols(HTTP,FTP,SMTP,POP3,TELNET etc.) of sessions with real time and historical time.2,The control of internet data transmission with minor granularity. We can control the data with it's head, at the same time we can control of internet data transmission with minor granularity .And take correspond measures according to customized rules.3,Self-contained auit function. It can scout and record all of the internet activity and provide agility,self-contained analysis and query of mechanism.The system has the following parts:1,The server take access to collection model to sniff the originality data wrap of the internet. The scopes of collection obey to the collection rules that can be set up through the client.2,Recombining model recombines the IP wrap to TCP wrap, then recombines it to application layer protocal data.The data is put into the FTP server's directory that can be download by client.3,Filtration model carrys through the rule filtration with the recombines.Every TCP wrap will be put up the real time analyse, then record,alarm,break according to rules.4,Database model puts the dialogs and records into the database,and read in the rules when the system starts up.5,Communications model communicates with the client,include informing the client catchs the new sessions and updating the state of the communications and accepting the system setup.6,General model takes charge of collectivity attemper .It is related with other models.The client has the following parts:1,Setting model takes charge of the setup of all kinds of the system parameter and rules,including the server IP address,ports,user password,internet object,filtration rules and collection rules etc. The results of setup will be saved on the client or database according to the diffrence of the setup content. 2,Communications model communicates with the server, include accepting the inform catching the new sessions and updating the state of the communications and sending out the system setup command.3,Display model displays all the sessions with tree form on the UI.If the user wants to know the content (for example the net page of the HTTP session or the process of FTP session ),the model can download the originally session document from FTP server and displayed after disposed.4,Statistic model carrys through every kind of query and Stat about the database records.And displays the content to the users or prints the report forms.The server is based on Liunx operating system.The code uses the standard C language.The database uses MYSQL5.0.22 to implement data wrap catching,inbreak inspecting,session recomposing,content filtrating and dialog recording etc.The client is based on Windows operating system and empoldered by Delphi.It can implement system setup,session recur,display and query of the information,building of the Stat report forms etc.The communication between client and server are two parts.One part is the alternation of the client and server.We choice the UDP mode.One part is the transmission of the colloquy content between the client and the server.We choice FTP mode.The springboard of the system offer the infimation security pledge for the middle or minor type enterprise.It can be used by the way of absolute security product or cooperated with the security product that the enterprise has owned.Then it can sure more security of the internet .The goal of the product can offer a information audit system with powerful function.In the middle-little LAN (<300 machine) it can record effectively the activity of internet.And it also can offer the real time information audit on the application layer and establish different rules to control the colloquy with the administrator request.