| After the computer network appearing, people talk about network security all the time. Today, network security is facing a huge challenge, which is that all kinds of security threats, attacks and destructions can be found everywhere.Traditional security solutions always focused on the network boundary, overlooking internal network security. The investigation shows that more than 70% of security incidents took place in internal network, and with the network becoming huger and more complex, this proportion still has an increasing trend. Internal network security is facing unprecedented challenges. Security threats faced by enterprise internal network mainly are the misuse of intranet resources, abuse of intranet resources and evil use of intranet resources, which led to disclosure of confidential information.How to strengthen the management of internal network and protect corporate information is a realistic problem we need to solve. Thereby, the technology of strong auditing comes into being. The so-called strong auditing is to use the log to monitor the network behavior or trace, and can obtain evidence later.The research object of this thesis is to provide a complete solution through technical means to strengthen enterprise staff's network behavior auditing, so as to enhance network security risk prevention capacity, and improve work efficiency.In this thesis, we analyze and researche those core development technologies of network monitoring and auditing-- packet capture and pre-processing technology, application layer protocol data analysis and reduction technology, and content auditing technology. On this basis, we also propose a design plan and implementation of the prototype system based on embedded system, design the system structure, the network topology and the database structure, and focus on elaborating the development of main function modules of network monitoring and auditing system.The network monitoring and auditing system is based on a static security policy,and provides small-granularity monitor for employees'network behavior, meanwhile determines whether the act is contrary to security policy intelligently, then records the violations in database. Afterwards, we can re-builds events, extract relevant information from the datacase to prove staff's misconduct. So it can help the enterprise build anti-releasing system and monitor the employees'working condition, which results in a manageable, controllable and trustable inner network. |
PDF Full Text Request