Research And Implementation Of The Key Technology For Distributed Host Monitoring System

With the popularity of personal computers and wide use of Internet in the world, computer network becomes more and more important to everyone's daily life and work. But also gives many new challenges to information industry. Typically, intranet frequently suffers from anonymous attacks, internal confidential information often being leaked. To face up to this reality, enterprises pay more attention to the rationality and security of the intranet and host's resources usage. Therefore, the research and realization of general-purpose host monitoring system has important realistic significance.According to management requirements of the large number of LAN hosts, a model of tree-based secure domain is introduced to implement distributed host monitor system. The hosts are managed unified in the domain, the distribution and concentration of two ways to configure the control policies of host's resources. It can also monitor all the hosts in the domain to prevent abusing resources and blocking them.This paper focuses on three key technologies, targeting the latest Windows 7 platform: (1) File system monitoring, which is proposed based on the user and kernel model of the double-layered mechanism, minifilter framework is used to implement kernel level monitoring. File and storage monitoring are in the realization of the unity; (2) Network access control, which is proposed based Winsock 2 SPI, using application layer network packet filtering, it has the advantage of running at the application layer, in the form of dynamic link library, high efficiency and stability; (3) Agent program self-protection technology, by using the hidden technology to achieve the hidden of the agent process and protecting process. The relevant associated registry entries and files are hidden, and double process protection mechanism is applied. By integrating above several protect technologies to ensure a reliable running and layout of agent process. At the same time, I give a detailed description on the general framework of the overall system design, and figure out the key part of design.