Research And Realization Of Distributed Network Security Audit System

Posted on: 2007-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: M Lu
GTID: 2208360185473887
Subject: Computer network
Abstract/Summary:
With the spread of computers and the development of computer networks, information security and network security problems have become more and more important. Security audit systems emerged in response: they act as a third line of defence, protecting the system from security issues that cannot be detected by the firewall and the intrusion detection system. A security audit system also makes the whole information system visible. It records the security events that occur in the system, supporting real-time analysis and providing after-the-fact evidence of unauthorized activities.

The thesis consists of two parts. The first part studies and summarizes the status of electronic and information security and the theories and technologies of security. The second part designs and partly implements a distributed network security audit system.

Starting from computer information security problems, we introduce the criteria for security evaluation. Based on an introduction to and analysis of the relevant information security technologies, we present the concept of a security audit system and give a more systematic summary and exposition of the system and its related technology. Then, according to the demands of information security and the security audit functional requirements of the CC criteria, we design a distributed network security audit system that focuses on the security of the internal network.

The system uses an approach that combines distributed auditing with a group of Agents. Log collection and complete audit analysis together ensure comprehensive security auditing of the information system. We introduce the designs of the primary technologies used in the distributed network security audit system, including intrusion detection design, audit console function design, the host-based agent, and audit protocol design.

Finally, on the Windows XP operating system, with the MySQL database system and Visual C++ 6, we implement part of those functions: the host-based main interface of the audit system, real-time monitoring of network traffic, host logs, rule setting, and the collection and querying of screen, keyboard and mouse audit information.
Keywords/Search Tags:information security, security audit, distributed network, Agent, intrusion detection