Design And Implementation Of Monitoring System For Illegal External Network Access Behavior Of Intranet User

The development of computer technology has improved function and ability of information processing of computer, which makes computers be applied to more complex work environment. More and more enterprises have built Intranet to greatly improve working efficiency. However, the negative effect is the security of Intranet. Investigation shows that more than70%of network security events happen in Intranet. The disclosure of company’s data is almost done by company’s own staff. If the staff makes some improper operation such as linking an Intranet host into the Internet in ways that is not allowed and linking an external computer into the Intranet without permission, these behaviors will destroy the integrity of the Intranet, which will result in disclosure of information. Nowadays, since3G network has become more and more popular, the connection between hosts of the Intranet and the Internet is much easier to be implemented. Technical measures should be taken to prevent Intranet from hidden security threat from interior.In order to reduce the threat of illegal external connection, an illegal external connection supervisory system in the Intranet is designed and implemented. This system uses C/S structure, which is comprised of console and central management in the Intranet and monitoring agents which are deployed on the hosts in the Intranet. The functions of the system contain illegal Internet access control, resource management, user management and security audit. Resource management function is in charge of marking the trusted hosts and determining illegal access hosts. The communication of illegal access hosts can be stopped by sending fake ARP message, which is the function of illegal access control. The function of external connection can stop the illegal external connection behavior by NDIS intermediate driver technology and send alarm message to the central server. Moreover, for protecting monitoring agent which is deployed on the hosts from being suspended, the system applies protective measures to the client program. The messages which contain alarm messages that sent by the client and operation of network administrator can be stored in the database as logs. System auditors can analyze these logs. In this thesis system functions are firstly introduced. Then, system structure and module design are proposed, and system database design is described. Moreover, system implementation process is analyzed. Finally, function tests and performance tests are put forward on the basis of software test strategy. These tests can prove that the system has complete function, quick response speed, strong security, strong fault-tolerant ability and good compatibility.