Research And Implementation Of Windows Security Reinforcement

With the development of3G networks, e-government intranet, extranet and mobile Internet building continuously promote and improve, more and more obvious supporting role of e-government information systems, information systems and information networks in the day-to-day office and business processing indispensable. The terminal is an important part of the e-government information systems, and its security affects the security of e-government information systems and networks directly, a safe and healthy terminal is the basis of the entire information system and network security. For public security department and other government departments, mainly security threats contains:the destruction of the virus or Trojan, the disclosure of sensitive information, or the unauthorized use of u-disk.This paper studies the security reinforcement of Windows XP (referred to as the SR-XP). First, the paper introduce the SR-XP system components and Windows XP security reinforcement technologies, and then focuses on the design and implementation of the SR-XP system terminal, at last, give the test results of the SR-XP.The major content of the study is terminal security reinforcement technologies, including the following aspects:First, boot from GRUB allows the system to boot from USBKEY. In GRUB boot process, integrity check of the critical resources of the operating system. These critical resources, including the security components and the driver and executable programs load before security components, ensure the SR-XP system to boot properly. After the start of the security component of the SR-XP system, it enhanced authentication through the GINA technology; Through HOOK technology and Windows kernel file system filter driver, according to the corresponding security policy, it intercepting requests for file operations request and the process start and USB-disk access control; Through network filter driver, intercept the user’s network access request, in accordance with network security policies, to control the user’s network access and prevent the invasion of network viruses; the system also implements the confidentiality and integrity combining mandatory access control.By implementing the security reinforcement of windows XP, SR-XP system have achieved the trusted boot, the secure login, the process start control, the network connection control, the peripheral control, and file access control, these controls could effectively ensure the system security, the data security and the network security.