
Oversight Of The Auditing System Of Internal Network Security Design And Its Applications

Posted on: 2008-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: W Sun
Full Text: PDF
GTID: 2208360215950026
Subject: Information security

Abstract/Summary:
People are more familiar with traditional network security than with the concept of inner network security. In essence, traditional network security is concerned with defending the inner network against attacks from outside, and can be called outer network security. The outer network threat model assumes that the inner network is always safe and trustworthy and that all threats come from the outside network, mainly through the perimeter egress between the inner and outer networks. Under this model, securing the network perimeter is therefore enough to keep the whole network safe. The inner network threat model is more comprehensive and more detailed than the outer network model. It assumes that no terminal, user or network inside the inner network is safe or trustworthy. Threats may come from outside or from any point of the inner network. Under the inner network threat model, we therefore need more detailed security control and management for all component points and participants.

In this thesis, we analyze and research the core technologies for implementing inner network security monitoring, including API hooking and driver development, the P2DR information system security model, the CC rule-based security audit standard for information systems, and enterprise access control behavior. In addition, we propose a design for an inner network security monitoring and audit system, aiming to strengthen the security management of the inner network. We also analyze and design the system's security model, authorization management model, system architecture, system security and database structure. We focus on the design of the main functions of the management side (server and console) of this inner network security monitoring and audit system.

The inner network security monitoring and audit management system is based on a static security defense strategy. For each entity of the inner network, including computer terminals, file servers, peripheral devices, storage devices, files and employees, the system provides targeted, fine-grained security control, lifecycle management, identity authentication, authorization management, data encryption, and monitoring and audit. It uses distributed authorization management based on role-based access control, which ties access rights to roles. It divides fields according to the levels of the enterprise organization and manages users and roles by field. It is designed on a "server-console-controlled agent" architecture, in which the controlled agents automatically register with the server. It supports multilevel deployment, from a single LAN to an enterprise inner network comprising several LANs connected over the Internet.

The inner network security monitoring and audit management system aims to provide a uniform layout for the inner network's security architecture, and to help the enterprise build a three-dimensional information leakage prevention system and monitor employees' working conditions through fine-grained security control measures, resulting in a manageable, controllable and trustworthy inner network and improved enterprise productivity.

Keywords/Search Tags: Inner Network, Security, Multilevel Deploying, Access Control, Monitoring, Audit