The Design Of Network Protocol Security Auditing System And Realization Of Its Web Application

At present, network security solutions becomes popular increasingly. System's security auditing, which has great significance for controlling user behavior and auditing after the event, is one the important means to solve the network security issue. And now, according to security industry survey, in the losses caused by security incidents, there are more than 70% that caused by internal staff, including internal staff's unauthorized access, misuse, misoperation and etc. Traditional security audit system has been unable to meet security needs of the current enterprise's operation and maintenance, so in order to solve this problem, this project designed and developed a network protocol security auditing system(SAS), which based on the user behavior.In the basis of researching on the background of the security auditing system, related Theory and the actual development of security auditing system at home and abroad, this paper analysised the key technologies of the SAS. And combining with the investigation of system requirements, this paper analysised and designed the overall structure of SAS. Based on the integration of Spring and Struts framework and according to lamination design concept, the writer designed a architecture of the Web application in SAS, which included data access layer, business service layer, control logic layer and user interface layer. This paper realized six function modules of the Web application in SAS, which included user management, menu management, custom query, query of session and its content, session replaying and report creation, especially realized the parsing and replaying of the TDS(Tabular Data Stream) protocol's packet and RDP(Remote Desktop Protocol) protocol's packet. Finally, writer concludes the whole developing procedure, and expand on the future developing tendency of network protocol security auditing system.Using the technology of Spring and Struts framework, SAS realized afunction of session replaying and auditing in allusion to user behavior based on the B/S structure, and a function of playback of RDP session data via flash forms in the browser. So in this way, it solved the upgrading and maintenance issue brought by using C/S structure, and also maked the system possess expansibility, reusability and maintainability. The system has been repeatedly tested, and it has been running stably and very wel.