Network Security Audit System, Information Retrieval And Report Generation Design And Realization

As developing and widely using of computer network, the safety of the network catches more and more attention of the people. There are about 65 percent of the network incursions and breakages come from the interior according to some Stat., because the personnel come from the interior and be familiar to the network, have some authority and also behind the firewall, they are very convenient to do some devastating activities. Network security auditing system catches more and more attention of the system administrators.By Trusted Computer System Evaluation Criteria (the national standard of U.S.A.), Log and reappearance are the necessaries to a network security auditing system and it must record all the events about the safety, if necessary, it can recur to the past event. So the module about information search and reports is good or not is the important side for a network security auditing system.The main functions of the information search and report module are search certain logs of auditing and network sessions, make the reports about the search results and the reports can be loaded as the common document format and printed. The reports can be used to be the evidences for some suspicious activities. Session recombined is one function of the module and can recur to the certain session and show the entire session process.In common report system, the number and the style of report module is fixed. There are so many blank modules in the system even if the system is not run. When the system run, only one module is being used-this is a waste for the system even if it is easy to be realized. And with dynamic report technique, there are no report modules in the system (In some system used this technique except Quick Reports, such as Crystal Reports, there maybe has one blank module file).When the system is running, user select some search options, the system will "new" some report module and some elements in it and then filled it with the result of search. The memory that it possessed will be "free" when this operation is over.Session recombined is combine all dividedly data of session to be an entire session that user can comprehend. Email is very import to the user, so in this system the mail included in the sessions will be saved by files and can be viewed withoutlook express. Dynamic Link Library file is very common is the Microsoft Operation Systems and it is also very useful in the modern software development.In the dissertation, I will introduce these techniques detailedly according to the network security auditing system of Beijing Hisense Digi-Tech Co., Ltd.