
The Design And Implementation Of The Active Defense System Base On The Whitelist

Posted on: 2012-08-06
Degree: Master
Type: Thesis
Country: China
Candidate: F Wang
GTID: 2218330338962112
Subject: Computer software and theory
Abstract/Summary:
There are three ways in which leaks occur in the intranets of party and government organs: first, classified machines being connected to the internet; second, the cross-use of removable media; and third, intrusion by unknown Trojans and malware. For the third case, party and government organs generally install antivirus software to prevent malware from running on users' machines. However, antivirus signature updates lag behind the discovery of the malware. This is blacklist-based removal: the antivirus software can only remove malware after it has been discovered and added to the blacklist. Because of this lag, antivirus software cannot detect unknown, new malicious programs and viruses.

To resolve this major issue in party and government organs, and in contrast to the blacklist-based removal used by antivirus software, we define an active defense system based on a whitelist that can effectively defend against the running and spreading of unknown malicious programs. The whitelist consists of the file fingerprints collected from software trusted by the administrator. Matching against these file fingerprints prevents unknown software from running, which fundamentally controls the running and spreading of malware.

The main function of the active defense system based on the whitelist is to collect the file fingerprints of all trusted programs, driver files and DLL files, through the whitelist collection program, into the whitelist database. The client software verifies executable files, driver files and DLL files through low-level control technology: files whose fingerprints are in the whitelist database are allowed to run, and all others are prevented from running.

The client prevents software whose file fingerprint has not been collected from running, sends alarm information to the server, and records details of the illegal software and information about the current machine. Administrators can review the software information to determine whether it is a virus or a Trojan horse program, and process it further. The system also establishes a unified, trusted software download platform in the LAN: all software is distributed only after its fingerprint has been collected by the administrator, which makes it easy for users to obtain software and ensures that the software end users install is safe.

Because applications in party and government organs are uniform and standardized, the active defense system based on the whitelist can effectively resolve the major issue of intranet leaks caused by the intrusion of unknown programs and malware.
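The collect-then-verify flow described in the abstract, as an added example (not code from the thesis). SHA-256 as the file fingerprint, extension-based selection of guarded files, the function names and the alert fields are assumptions, and the check here runs in user space rather than at the low-level interception point the thesis describes.

```python
import hashlib
import platform
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumption: guarded file types are recognised by extension.
GUARDED = {".exe", ".dll", ".sys"}

def fingerprint(path):
    """File fingerprint: SHA-256 over the contents (hash choice is an assumption)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def collect_whitelist(trusted_dir):
    """Administrator side: fingerprint every guarded file under trusted_dir."""
    return {fingerprint(p) for p in Path(trusted_dir).rglob("*")
            if p.is_file() and p.suffix.lower() in GUARDED}

def check_execution(path, whitelist):
    """Client side: return (allowed, alert); alert is None when allowed."""
    fp = fingerprint(path)
    if fp in whitelist:
        return True, None
    # Alarm record for the server: software details plus machine information.
    return False, {
        "time": datetime.now(timezone.utc).isoformat(),
        "host": platform.node(),
        "file": str(path),
        "size": Path(path).stat().st_size,
        "sha256": fp,
    }

def demo():
    """Runs three launch attempts against constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted = Path(tmp, "trusted")
        trusted.mkdir()
        (trusted / "editor.exe").write_bytes(b"MZ trusted build 1.0")
        whitelist = collect_whitelist(trusted)
        renamed = Path(tmp, "renamed.exe")   # same bytes, different name
        renamed.write_bytes(b"MZ trusted build 1.0")
        tampered = Path(tmp, "editor.exe")   # trusted name, different bytes
        tampered.write_bytes(b"MZ trusted build 1.0 + patch")
        return [check_execution(p, whitelist)
                for p in (trusted / "editor.exe", renamed, tampered)]

if __name__ == "__main__":
    for allowed, alert in demo():
        print("allowed" if allowed else f"blocked: {alert}")
```

Matching is on content, so a renamed copy of a trusted binary passes while a modified file that keeps a trusted name is blocked and reported.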
Keywords/Search Tags:Party and Government Organs, Blacklist, Whitelist, Active Defense, File Fingerprint