
Classified Host Monitoring Technology To Achieve

Posted on: 2010-10-26
Degree: Master
Type: Thesis
Country: China
Candidate: Z D Lu
Full Text: PDF
GTID: 2208360275983318
Subject: Computer software and theory
Abstract/Summary:
On January 1st, 2000, the National Administration for Protection of State Secrets promulgated the Regulations on Administration of the Maintenance of Secrets in the International Networking of Computer Information Systems Provisions. Part one, article 6 states that computer information systems involving state secrets may not be directly or indirectly connected to the internet or other public information networks. They must be physically isolated.

To keep confidential data safe, some secret units forbid confidential computers from being connected to the Internet and forbid the use of unauthorized USB peripherals on these computers. But some internal users may break the security rule and connect a confidential computer to the internet, or, for convenience of data copying, may use unauthorized USB peripherals to copy data on the private network and then use it on a computer that is connected to the internet. Both behaviors can cause a leak of confidential data. As an effective technical aid for the administrator, a confidential computer monitoring and management system can monitor illegal external connections across the whole private network thoroughly and in real time, and forbid the connection of unauthorized USB peripherals to confidential computers. This paper studies confidential computer monitoring technology. The main contents are summarized as follows:

1) Illegal extra-connection detecting technology. There are currently two ways to implement illegal extra-connection detection: Frame Detector and Client Installing. Each has advantages and disadvantages. This paper gives a new monitoring system that overcomes the disadvantages of both and can monitor the confidential computer at all times.

2) PE file writing to prevent information from being tampered with. A user who finds and modifies the configuration file that stores the address and port of the alarm server can make the program run normally without raising an alarm when it detects illegal behavior. To prevent this, the system directly encrypts the address and port of the alarm server and the serial numbers of the authorized USB peripherals and writes them to some place in the registry program, where the user cannot find or modify them.

3) Real-time short message alarming. To strengthen the real-time ability of the system alarm and lessen the workload of the administrator, the alarm center of this system immediately sends a short message to the administrator when it receives an alarm from a client, so that the administrator can check and deal with the alarming event.

4) USB removable device detecting technology. When a USB peripheral is connected to a registered computer, the client checks whether the unit has authorized it. If not, the client immediately disables the USB port to prevent the leak of confidential data, and records the connection time and the serial number of the peripheral. An authorized USB peripheral can be used normally on this computer.
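The serial-number check in item 4, as an added example that is not code from the thesis. It assumes the client sees Windows USBSTOR device instance IDs; the function names, the sample IDs and the authorized list are constructed for illustration. It also covers a case the abstract does not mention: a device that reports no serial number of its own (Windows generates the instance string, recognizable by '&' as its second character) cannot be matched reliably against an authorized list, so it is blocked.

```python
import re
from datetime import datetime, timezone

# Windows device instance ID for USB mass storage:
#   USBSTOR\<type>&Ven_<vendor>&Prod_<product>&Rev_<rev>\<instance>
_USBSTOR = re.compile(
    r"^USBSTOR\\[^&\\]+&Ven_[^&\\]*&Prod_[^&\\]*&Rev_[^\\]*\\(?P<inst>[^\\]+)$",
    re.IGNORECASE,
)

def parse_serial(instance_id):
    """Return (serial, device_reported) or None if this is not a USBSTOR ID."""
    m = _USBSTOR.match(instance_id.strip())
    if not m:
        return None
    inst = m.group("inst")
    # '&' as the second character: the device reported no serial and
    # Windows generated the string, so it does not identify the device.
    reported = not (len(inst) > 1 and inst[1] == "&")
    # For device-reported serials, drop the trailing '&<n>' suffix.
    serial = inst.rsplit("&", 1)[0] if reported and "&" in inst else inst
    return serial.upper(), reported

def check_device(instance_id, authorized, now=None):
    """Decide allow/block and build the audit record (time + serial)."""
    now = now or datetime.now(timezone.utc)
    allowed = {s.upper() for s in authorized}
    parsed = parse_serial(instance_id)
    if parsed is None:
        serial, reason = None, "not a USBSTOR instance ID"  # fail closed
    else:
        serial, reported = parsed
        if not reported:
            reason = "no device-reported serial"
        elif serial not in allowed:
            reason = "serial not authorized"
        else:
            reason = None
    return {"time": now.isoformat(), "serial": serial,
            "allow": reason is None, "reason": reason}

# Constructed sample data, not taken from the thesis.
AUTHORIZED = {"0019e06b9c85f9a0"}
SAMPLES = [
    r"USBSTOR\Disk&Ven_VendorA&Prod_Stick_2.0&Rev_1.00\0019E06B9C85F9A0&0",
    r"USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2b8e7c1a&0",
    r"USBSTOR\Disk&Ven_VendorB&Prod_Blade&Rev_1.26\4C530001230714112345&0",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_device(s, AUTHORIZED))
```

A record with "allow" set to False is what the client would act on by disabling the port and sending the alarm.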
Keywords/Search Tags: Extra-Connection Monitor, svchost startup, USB monitor, short message alarming