The Design And Implementation Of Antivirus System Of Department Of Finance Jilin Province

Nowadays, with the rapidly development of IT industry, global information has become the major tendency of the development of human society. Information industry has become the pillar industry in the human society and network application is omnipresent. Because of the diversity of the connected types, the uneven distribution of the terminal, as well as the nature of openness and connectivity, the network is easily to be attacked by hacker, viruses, worms, malicious software and other malicious attacks. And antivirus is the utmost important section. So virus research and antivirus has become the popular research subject in network industry. In the finance system, the attacks of viruses will cause that the terminal computer can not connect the server or the computer system can not be used. If such kind of problems occurred in some important time period, such as the central payments of national treasury, budget, year-end accounts and so on, the damage to the financial network applicative system is beyond measurement. The financial network of Jilin province is often damaged by virus. In order to better complete the job, I decide that my research direction is anti-virus protection.My research content includes:Study and research on foundation of traditional virus and relative content of emerging virus. The research focuses on the compound virus of file type, worm type and Trojan virus.The research and prospect of antivirus software operating mechanism.With the above study and research result, I construct the financial information network secure antivirus system of Jilin province.During the vicious break out of Worm. SaodangBo.a.94208 in financial system of Jilin province, I study and research the function and value of the constructed antivirus system and find out the vulnerability and deficiency.According to my in-depth study and thoughts on the new feature of virus and antivirus system, I reconsidered and made new suggestions on financial information network antivirus system of Jilin province.Considering the practical demand, combining the research and analysis on ARP virus and worm virus, according to the customized programs, we searched, screened and assessed the related-function products. According to the actual demand on network security of the Department of Finance, I choose some products which highly fit the needs of Finance Department on both function and applicative method. And then I decide to do further testing and implementation. At the same time, I would also complete security platform construction with its products.We construct the simulation environment in the computer room and training room to test the selected program.Measuring Worms categories: worm virus can automatically spread through the internet. If there is any vulnerability, the computer will be infected. Even though antivirus software can kill the virus, the computer resource will be consumed. If there is any computer without valid antivirus software, worm virus will detect all the computers in this network, consume the network resource and this network will not be pure. If we use the 3-layer network antivirus equipment to monitor the worm data pack and discard it directly when we find it, the virus will not be transmitted and spread. We use the coercive means to ensure that all the computers have installed anti-virus software and necessary system patches program. The results are that the viruses can be killed, be prevented and no vulnerability, so the problem of this virus can be completely solved. In the security assessment testing requirement of NVWE anti-virus wall, we added checks on the installation of anti-virus program and upgrade status. To the windows operating system of Microsoft, we added checks on the fix situation of MS08-067 bug. If any computers with the two problems access the network, the assess visit will be redirected and complete the security fixes forcefully. When the computers which did not install the anti-virus software access the network, they will be automatically transmitted to the link with the anti-virus installed or installed automatically page. When the computer which did not install Microsoft vulnerability patches access the computer network, it will be automatically transmitted to a pre-programmed patch download page. After all the terminals install the antivirus software and system patch compulsorily, in the safe isolated areas of 3-layer antivirus wall, there is no worm virus destroy any more.ARP type: APR deception is little done through client to client, except the customized, targeted information stealing. To achieve the above ideas, we need to bind all the terminal computers with MAC address of your gateway, which is ARP-s .Then, use some software or program to check whether your computer's ARP messages is normal or not, if it is deceptive message, it can be automatically stopped. Deploy the NVWE anti-virus wall devices in the network gateway, in a transparent way to access to the network. When terminal computers want to access the network, the data packets have to go through the gateway anti-virus wall equipment. After the anti-virus wall equipment collects the IP and MAC address information of each vlan gateway, the client agent software will automatically and statically bind them to all the terminal computers. And ensure the computers not suffer the ARP deception about gateway MAC address and guarantee the normal use of network. Meanwhile, agent will automatically detect whether the ARP packets send by this computer is a deceptive one or not; that is whether the IP and MAC address information of the send ARP data packets is corresponding to the computer or not. If not, the data will be automatically prohibited to be send and the system will remind the computer administrator.The program test results show that this program meets the needs of Finance Department in network security. We combine this program with the requirement of the Ministry of Finance and fully implement into the financial system of our province. We also enhance the management and control of terminal computers, and we achieved good results. I have published the entire process of research, analysis, design, testing and implementation in the Financial Research of Jilin Province publication. And it promotes the implementation in the finance system of Jilin Province.Some time ago, the financial network was attacked by Worm.SaodangBo.a.94208. It is actually a very bad Worms Virus which occurred in the end of 2008. After the"black screen"made by Microsoft occurred, this kind of virus takes advantage of the major security vulnerability MS08-067 to attack the network. The fundamental method to solve the Worms-like Virus is to repair all the Windows end-system vulnerability.Later, Worm.SaodangBo.a.94208 becomes a compound virus which combines web page Trojan, automatic response and Worms. In the process of solving this vicious virus, after further investigation, I tested and verified the practical defensive ability of the antivirus system. At the same time, I also find out some existing problems. After my further study summary and research on these problems, combining the new conception, I redefine the construction of financial system antivirus system and perfect the bug node existing in the system.All in all, Jilin financial network security is one of the priorities in my unit. And it is also the key point in my study. In this anti-virus work process, I fully used what I have learned in this period of time and applied them in my work reasonably. At the same time, I sorted out all the research, analysis, design, testing and implementation which I have done as this on-job engineering postgraduate graduation thesis. As a governmental network security technician, I may not have so much time to work on study and research like students in college. However, applying this period of learning and research theory to practical work is just the significance for school to cultivate our on-job postgraduates.