Research And Implementation Of Monitoring And Audit Technology Of Intranet Security Management System

Posted on: 2011-12-31 | Degree: Master | Type: Thesis
Country: China | Candidate: H G Hu | Full Text: PDF
GTID: 2178360308961182 | Subject: Information security
Abstract/Summary:
At present, many computer networks face serious security threats. On the one hand, hackers attack systems or steal core secrets for political or economic purposes; on the other hand, insiders in organizations that handle secrets may also contribute to information leakage. To reduce breaches of confidentiality and attacks, and to ensure that such events are well documented afterwards so that responsibility can be ascertained, a strict management system alone is not enough; effective monitoring and audit measures should be used in internal network systems.

Traditional monitoring and audit programs usually identify the user by "soft" information such as the IP address and the computer account. These are no longer enough to cope with the complex situation in the network because they lack precision, authority and uniqueness. In response to this situation, and to fulfill the needs of the Intranet security management system project, this paper researched and implemented part of the monitoring and audit technology on the Windows platform using USBKey technology.

This paper first introduced the status of monitoring and audit technology in the Intranet security management system and the relevant basic theoretical knowledge, then gave the monitoring and audit model and analyzed the advantages of introducing USBKey technology into monitoring and audit.

The paper presents three schemes. The first is a process white list scheme based on SSDT HOOK and USBKey, which monitors process creation in a timely manner and effectively blocks illegal programs using kernel-level HOOK technology. The second is a Windows system logon scheme based on USBKey, which improves the security and controllability of system logon by customizing the GINA module together with a secure logon policy. The third is an Intranet secure file transport scheme based on USBKey and ICE, which makes up for the disadvantages of traditional file transport methods and improves the security of confidential file transport to avoid interception attacks on the network. At the same time, because a brand-name USBKey carries a globally unique serial number, all three schemes bound the USBKey to the user and used it as "hard" information for monitoring and audit, solving the problem that traditional methods are not precise or authoritative enough to identify the user and lack uniqueness. This paper demonstrated each of the three schemes in detail and conducted a comprehensive analysis of the demonstration results. Finally, it summarized the research and discussed its prospects.
Keywords/Search Tags: security, monitoring and audit, USBKey, identity