Research And Implementation Of Website Tamper-proof System

With the rapid development of modern computer technology and the increasing rising ofnetwork technology level, the application range of Internet is wider and wider, which has beendeep into everyone’s daily life. Website, as the carrier of the releasing of Internet information,its number is increasing with each passing day. It includes both portal sites of governmentsand units of enterprises and institutions, and personalized sites established by individuals.Because of the openness of websites on the Internet and the complexity to take thewebsite construction technology, it results in different degrees of some vulnerabilities invarious types of websites and there are frequent hacker attacks, in which the influence ofwebsite-tampering attacks is especially bad. If the websites of governments and units ofenterprises and institutions are tampered with, first, it may lead to the interruption ofinformation releasing and can not provide normal services; second, once the released news oncurrent affairs, principles and policies, laws and regulations and other important informationare tampered with, it will seriously affect the images of governments and enterprises, causingirreparable damage; third, the sitelinks may be replaced by fishing websites or other maliciouswebsites, which will cause double loss of information providers and surfers.Therefore, how todeal with the attacks of hackers and how to prevent websites’ being maliciously tamperedwith are the forefront topics of information security technology.The purpose of this study is to realize the functions of website tamper-proof features andsecure login management in website protection system. According to the network securityneeds and the related technical specifications, combining with technologies of event-triggered, file filter driver, secure transmission and software engineering, this study developswebsite tamper-proof system, realizes the comprehensive monitoring protection of websitesand offers security insurance for all kinds of websites. At the same time, from aspects ofvolatile and nonvolatile data, the author engages in the self-protection of tamper-proof system.Through the mechanism of digital certificates and SSL secure communications technology,the author designs to implement the secure login management, to ensure the integrity andconfidentiality of data during transmission and to ensure the safety of users’ login.In this paper, the most tamper-proof system may be a loophole in the link is proposed toimprove the file synchronization and recovery engine and structured asynchronous scriptengine as the core center to manage the configuration, centralized control centers anddistribution monitoring center of the new twin-engine system architecture of the three centersto establish the site of a cluster of subject and resource ontology protection managementmodel; set of two-aware layer, are waiting for the basis of perception in the application layer of the network operating system layer and embedded in a network operating systemkernel. the key perception layer, open up two tunnels, one is to achieve within the clustertransmission of large amounts of data and information real-time synchronization of datasynchronization secure tunnel,the other is remoting cross-platform management of SecureSockets technology to realize the system signaling to pass the security tunnel, these twolevels and two tunnels together form a two-level perception of the core structure of thedouble-tunnel communications, integrated use of event-triggered system hook, AJAX,authentication and confidentiality of communications, technology, design tampering events,awareness, treatment, recovery process, the hidden three-thread protection system thread, andtake the filter file filter driver on top of the file system driver to increase the filter driver layerat the same time, increase the filter module is an intelligent rule base. The rules allowoperation, the request will move directly to the file system driver; if it is an illegal operationto intercept the request before the file system. At the same time, the main process is set tohigh-level services of the operating system and file system filter driver, disable the service"stop","pause" and "restart", the attacker can not in the system services to stop the mainprocess, to ensure the safe operation of the tamper-proof system, a system of self-protection, ahigh-security site tamper-proof system. In the design and implementation of the secure logmanagement, not only the use of digital certificates for authentication in the network, in orderto prove the identity of their own identity and recognize each other; and services provided bythe SSL protocol to ensure that the authenticated user and server data can be sent to thecorrect client and server, and data encryption, to prevent stolen midway, maintaining dataintegrity during transmission to ensure that the data will not be changed to achieve a securecommunication.