Research On Implementation Mechanism Of IOCP And Rules Analysis Based Monitoring System Server

Posted on: 2011-05-09
Degree: Master
Type: Thesis
Country: China
Candidate: S X Jiang
GTID: 2178360308452605
Subject: Cryptography

Abstract/Summary:
As network attack techniques develop, older security tools can no longer protect the operating system effectively, and the Host-based Intrusion Prevention System (HIPS) has become more important because of the way it works. As a host protection approach that has emerged in recent years, HIPS identifies traces of attacks and prevents them by loading rules consistent with a pre-defined security policy and using them to monitor the protected computer's input and output as well as the behavior of its programs.

Drawing on the author's practical work on the project "One Host With Multi-Nets", and addressing the usability difficulties of rule-making, which limit the adoption and development of HIPS, this paper proposes a monitoring system, HGMS (Host Guard Monitoring System), which is based on a C/S architecture and applies HIPS-related technologies in a LAN environment. The system's main function is achieved by the server-side application monitoring and managing the remote client hosts. The client side, which performs the monitoring, runs as a permanent process on the client host. The rules it loads are made and dispatched centrally by the server side, and the server side is responsible for managing and controlling the running state of the clients.

This paper focuses on two important mechanisms in the concrete implementation of the server: conflict detection while making rules at the server side, and concurrent communication between the server side and multiple clients, together with network security issues in the communication process.

On the one hand, because the rule set is made and dispatched by the server application, the thesis concentrates on how to ensure its consistency and effectiveness at the server side. It studies existing rule conflict analysis methods in depth and classifies them into common rule partnership conflict analysis, bit vector rule conflict analysis and Policy Tree based rule conflict analysis. Given the particularity and complexity of the HGMS rule definition, and building on the methods above, the paper puts forward a practicable way to design the system's rule conflict analysis module. Theoretical analysis shows that this method can effectively detect rule conflicts, ensuring the consistency and effectiveness of the rule set and thereby improving system security.

On the other hand, in order to build a server application that can handle a very large number of client requests and data communication, the paper analyzes the Windows network models and proposes a method for designing the telecommunication module based on IOCP, which solves the problem that arises when there are a great many client connections and small data packets are received and dispatched frequently. First, the IOCP mechanism and some related concepts are introduced. Second, the solutions to some crucial problems are discussed. Then a server application based on IOCP is developed. Finally, the validity of the system is verified through testing and performance analysis.

Meanwhile, based on the overall implementation of the system architecture, the paper explores how to use today's common cryptography technology to achieve secure communication.
Keywords/Search Tags: Host-based Intrusion Prevention System (HIPS), monitor system, rule definition, rules conflict detection, I/O Completion Port (IOCP), communications security