
Research And Implementation Of Audit Monitor Firewall Based On The Framework Of The Netfilter

Posted on: 2013-08-18
Degree: Master
Type: Thesis
Country: China
Candidate: L M Wu
Full Text: PDF
GTID: 2248330395485236
Subject: Computer technology
Abstract/Summary:
With the development of the Internet, a variety of new network-dependent applications have emerged one after another. They greatly enrich online life, but they also bring problems such as scarce network bandwidth and leakage of confidential information, so the firewall has become an essential tool for network security. Besides effectively controlling network access, a main function of the firewall itself is to record and audit network access. Linux provides the Netfilter firewall framework, which users can extend to build their own firewall. To address network security problems such as leakage of confidential information, this thesis designs and implements a firewall system that audits user behavior. Its functions and subsystems are as follows:

1. Instant messenger audit subsystem: By studying the Netfilter framework in Linux and by analyzing and summarizing the communication protocol formats and features of the mainstream instant messaging software (QQ, MSN, Fetion), which are used for identification on the Netfilter framework, this subsystem audits and monitors internal network users' use of online chat instant messenger software (QQ, MSN, Fetion). The system records instant messenger audit information in a database, including the chat number of the instant messenger (QQ, MSN, Fetion), the login time, the login machine's IP and port, and the protocol name. The subsystem consists of four modules: IP packet capture, protocol identification, Netlink communications and audit log storage. It can record the users who use instant messenger software, so that evidence of their actions can be traced.

2. Traffic monitoring subsystem: This subsystem uses the Netfilter framework to collect network data and monitor traffic information for internal network users, including the source IP, the number of packets and the total amount of data (KB) of inflow and outflow, the time, the average rate, etc. The subsystem consists of five modules: IP packet capture, timer, protocol identification, Netlink communications and log storage. It can provide a reference for future network planning, strategic control or billing.

3. Log records: This function uses the ULOG module of the Linux POM library, which records the packets matched by the firewall, to separate the detailed information about packets filtered by the firewall from the many system log files, and imports this information into a MySQL database in a custom format.

The subsystems of the designed audit monitor firewall were tested in an experimental environment set up on the Linux (Fedora 10) platform.
Keywords/Search Tags:Netfilter, Netlink, Protocol identification, Traffic monitoring, ULOG, MySQL