Based On The Transparent Protection Technology Within The Network Security Research And Applications

As enterprises, government, military and public institutions'level of informationization advance step by step, the method of saving information by paper is substituted by electronic documents. The widely use of electronic documents saves a big cost of production, and brings convenience to the staffs, greatly improving the production efficiency while electronic documents are convenient to take and easy to copy. For these characteristics, leaking out confidential information through the ways of electronic documents becomes more and more widespread, which brings a big thread to information protection. From the current growing information leakage incidents, we conclude that protecting information from leakeage is urgent as well as burdensome.Currently, in order to protect intranet information, enterprises generally put all kinds of limits to the internal networks and hosts, for instance, constructing Military Zone, partitioning VPN, disabling external devices and so on. Actually, the more limits to set, the safer the intanet becomes. However, all these limits will greatly degrade the usability of host system, which brings staffs a great deal of inconvenience. However, if no limits are put to intranet and hosts, their safety will not be guaranteed. So, on the one hand, if we are to ensure the security of information within the network, we can not take into account the user-friendliness. On the other, if we are not to debase the host availability, we would have to sacrifice the cost of data security. Data security and user-friendliness are showing the contradictions that the fish and bear's paw can not have both.In order to coordinate contradictions between the data security and user- friendliness, this paper bases on Windows system, and take the technologies of Windows file system filter driver, dynamic encryption and decryption, kernel analysis, Rootkits,etc.What's more, combined with the theory of intranet security, this paper presents a comprehensive system of protecting intranet information. It follows the principle of global consistency, taking the security policies, such as status authentication, authorized access, data encryption, and access audit, etc. And it can protect information before, in and after the incidents. When this system is deployed in enterprise intranet environment, there is no need of users'training beforehand. And it will not affect the normal operation and use of user habits, without degrading the host's usability. It can realize the transparent protection. On the other side, electronic documents will be encrypted automatically within the internal environment. When they are brought out, they will take on the state of chaos. It is environment-dependent, which effectively protects intranet information security. To sum up, it protects information from leakeage while it does not reduce the availability of the user.