
Linux-Based Network Information Security Audit System

Posted on: 2009-12-19
Degree: Master
Type: Thesis
Country: China
Candidate: B Zhu
Full Text: PDF
GTID: 2178360245471159
Subject: Communication and Information System
Abstract/Summary:
With the popularization of computers, the development of the Internet and the continuing growth in the number of Internet users, network security faces more and more problems. Traditional network security problems include computer viruses, stolen accounts, hacker intrusions, malicious websites and so on. Beyond these, users inside an organization may waste network resources during working hours, reveal the organization's secrets, or even engage in criminal activity over the network, which may become a new threat to network security. Facing this situation, many enterprises, government bodies and education departments need to carry out security audits of their internal networks. To meet this need, this dissertation proposed an implementation scheme for a network information security audit system, and designed and implemented the device at the end of the system where users access the Internet. The device was developed on an Intel x86 CPU architecture and the Linux operating system. It provides a new technical approach to information security auditing for internal network users and has strong practical significance.
This dissertation first analyzed network security and its present situation at home and abroad, and summarized the Linux OS and its powerful networking functions. It then designed the network information security audit system as a whole: the network topology the system uses, the functions the device implements, and the hardware and software architecture of the device at the user-access end. Through comparative analysis of several CPU architectures, it determined the hardware platform selected for the device. It divided the device's software architecture into the Linux system and the application programs running on the Linux platform.
Then, according to the needs of the system, it designed and built a Linux system suited to the hardware platform, discussing in detail the process of configuring and compiling the Linux kernel and building the root file system. It then introduced the design of the information audit program, which is the core of the device's software. The program was divided into 4 modules: the network data packet capture module, the network protocol analysis module, the database storage module and the contrary information alarm module. Each module was designed in detail, with analysis and implementation of the network packet capture technology, the protocol analysis technology, the database storage technology and the alarm rule matching technique. Protocol analysis was carried out from the link layer through the network layer and the transport layer up to the application layer, with detailed analysis of the application-layer HTTP and SMTP protocols.
Keywords/Search Tags:Linux, network security, protocol analysis, security audit