Research And Implementation Of Key Technology Of Intranet Security Management System In Windows7

Traditional border security technology, such as perimeter firewalls, intrusion detection system (IDS), can be able to prevent attacks from the internet to protect important information and internal resources not to be stolen illegally. For the internal network security, traditional border security technology is beyond for network defense. This requires an effective management system of internal network, without prejudice to the use of internal personnel office, though effective monitoring of audit, controlling the behavior of the corresponding terminal, to reduce the occurrence of breach or attack and tracing those responsibilities when some incidents occur.To solve the internal network problems and the need of network security management system, this thesis research and realize part of audit technology on Windows7 platform; it can implement the network security management on the Windows platform.Firstly, this thesis describes the study of the network security management system and the knowledge of relevant basic theory of the audit technology in Windows client agent. Secondly, this thesis describes my analysis and implement of three monitoring audit model in the host agent in Windows7:including the winlogon module based on USBKEY by studying the traditional winlogon in Windows7, and improving system security and winlogon accuracy by replacing the traditional winlogon; file audit module based on COM Hook by studying way of API interception, to audit the operation of the behavior of computer files, when some information leak, it can trace the responsible person; peripheral control audit module based on registry and WMI, analyzing the advantages and disadvantages of the two ways, effectively controlling the peripheral can prevent the spread of the virus and the leakage of confidential information. Finally, this thesis combines the host agent and Windows domain, through the dual system management; it can control the network terminal effectively. Through achieving several modules above, for the network host, user login, file operation, using peripherals and others can be controlled and audited, protect the network security of the terminal effectively.Though the actual environmental testing, the thesis gives the functionality of the relevant tests, effectively control illegal windows logon, audit log reporting, implement the function control, manage and monitor the network hosts effectively, complete relevant security and finally describes the summarization and prospect of the entire research project.