The Design And Implementation For The Internal Network Environment Security Scanning System

With the rapid development of computer networks and communication technology, using open network environment for the global communications has become a trend of the developing times. Whereas, while the internet offers convenient common resources, it also brings a wide range of security risks. How to sustain the network security and how to stop hacker's attack has become the problems waiting to be solved in network appliance. According to the study it is found that the attacks by hackers and viruses are usually fulfilled through security vulnerability already existed in the target system. So as long as we find and repair security vulnerability, the target system can withstand most of the hacker's attacks. At present, the study on analysis and scanning technology of system security vulnerability has become very popular in the information security field.The main task of this paper is to meet the practical needs of the campus network security of certain school in Xiamen, and to design and develop an inner network security scanning system. Network vulnerability scanning system is the automatic long-term detection tool to check the mainframe security vulnerabilities procedures. It can detect system vulnerabilities, hidden dangers and security vulnerabilities in targets mainframe and open ports and the operation services. The Security vulnerability scanning technology can detect network vulnerabilities, so that network managers can understand the vulnerability of the network in advance to ensure the security of the campus network.This paper mainly discusses security scanning technology, and thoroughly analyzes the basic principles of the network security scanning. It also involves the mechanic realization of the port scanning, the operating system analysis as well as the vulnerability scanning and so on. Based on the above discussion, it offers a design on the network security vulnerability scanning system. It fully states the goal of the system design, system architecture, the basic functional modules, various modules logical relations and the procedure flow, and the essential technology needed and so on. The system has carried on the following functions: scanning open ports; judging operating systems; scanning FTP vulnerability; CGI vulnerability and so on. We will apply the system to the campus network security management in certain school in Xiamen and it will generally satisfy their security needs.