Security Control System For Removable Storage In Government Network

With the popularity of removable storage devices, removable storage use have begun to threaten the safety of government departments have be threaten by using these removable storage devices. The normal work of government departments have be threaten by viruses which has been spread through removable storage devices, ferry attack and confidential leaks through removable storage devices. Last two years, the safety of mobile storage media has been mentioned in the latest documents. The information on the government networks has to be strictly controlled, especially some classified files. In the networked office environment there are many effective ways to monitor the transmission of these classified files. However, with the popularization of USB storage devices, external USB storage devices are often connected to the computers which should only be used inside the Special Net for government. Likewise, there are many dedicated USB storage devices often be connected to the outer net computers randomly. Furthermore, phenomenons of mixing the USB device between different departments are serious. All of these are approach for government documents leaking, and if these USB storage devices are not be controlled strictly, lots of viruses will be spread via them.Existing domestic mobile storage security control software are generally achieved by a special hardware to control U-disk permission access and secure access. And some through the combination of software and dedicated hardware; also some products only use the software. But these software products usually focus on the internal network management, to take the local host virus killing. This system realized the of removable storage devices in government networks via software, without additional hardware. This software take the U-disk centralized management and centralized virus killing, instead of the local antivirus.After the research and experimentation, in the basis of fully analysis of existing research results, this project realized the safety access and permission control of U-disk by taking the centralized management of the servers, as the Potential security risk and information leakage of U-disk also has been solved. By taking the client/server (C/S) mode, the U-disk checking server was set up in the government network which to realized the centralized management for U-disk. When the U-disk is inserting the computer, the computer will connect to the U-disk checking server and obtain the access permission of U-disk; in the computer local user can use a dedicated browser to accessing the U-disk; the files in U-disk need to be uploaded to U-disk checking server for virus scanning and anti-virus, the file will be encrypted in the transmission process; U-disk checking server not only providing the U-disk permissions, but also provide inspection virus, U-disk operation records and audits, the management of U-disk using strategy.In conclusion, this paper will be divided into five functional software modules, as: U-disk control services, the specific browser of U-disk accessing, U-disk rights management, U-disk operation base DLL, anti-virus of files. The five modules provided users with file operations, U disk monitoring, anti-virus, logs, access control and other functions. The Concrete process of this software is:1) When the system detected the external U-disk accessing computer, a service will be triggered to read the U-disk serial number. After obtained the serial number of U-disk via Windows service the U-disk management server will provided management services for the U-disk access permission in this computer.2) As the users'operation interface was unified, making the operation of documents easy and unified. When the user inserted the U-disk to computer, has to obtain the permission of U-disk. If there is failure to obtain the information about U-disk permission, can only browser the computer. Only with the access permissions of U-disk, the operation to the files in computer can be permitted. The dedicated browser can realize the function for files upload, download, delete the selected files, U-disk formatting and other functions. The operation will generate a log file; log will be saved in the database.3) All users need to apply for permission to the administrator. A U-disk serial number will be send to the administrator as a parameter by user. The web services according to the serial number and the request IP to obtain the user's departments and classified information and the development of good group strategy to return a permission for the user.4) The upload and download of user's file is carried out based on SSL, FTP. The file will be encrypted during the transfer process; this region also provides access to anti-virus module, when user is uploading the infected files the virus will be killed by system. 5) The server was be monitored by the anti-virus module at intervals of five seconds whether there was a file upload. File upload will trigger the anti-virus program. The files in the upload region will be scanned by the anti-virus software which in this software. The clean files are sent directly to the download area. The results of anti-virus will be generated as logs, virus logs saved in the database for inspection by the administrator.In this paper, the above functions were realized via pure software methods, avoiding the problems of upgrade and compatibility issues which caused by using dedicated hardware. Using the remote anti-virus technology and centralized management of U-disk. could realize the anti-virus and anti-Trojan House function while using the U-disk, and could avoided the leak and hidden risk which brought by local anti-virus. Local service is running in the background, not only monitor the U-disk without interference users but also strictly control user access to U-disk. By using U-disk checking servers, the system plays a supervisory role, could enhance the safety of using U-disk in the government network, monitoring the movement of internal documents, and prevented user misuse or intentional operation of secret internal documents leaked. As the operation of U-disc was supervised and limited by the local service, effectively prevent the viruses and ferry attack which caused by using U-disk.