The Design And Implement Of A Security Office System Based On The Whitelist Mechanism

While the rapid development of the Internet brings human business activities lotsof revolutionary changes, mobile offince has has become a typical model of businessoffice. Mobile office can be unshackled from the borders of space and accelerate theinformation exchange, it can imporve social productivity effectively. However, owe tothe nature of liberalization, the development of mobile office can be more easilyblocked by the network security problems. Especially for the enterprises that is moresesitive to safety problems, mobile office is full of risks.As the most widely used operating system platform which has maximum numberof users, Windows system inevitably became the target of vast majority of malicioussoftware. Moreover, most moreover domestic enterprises use the Windows system asa work platform, so their private information and internal data are suffered seriousthreaten in front of malicious softwares stuffing the internet and they always stand inthe ledge of data leakage. So it is necessary to introduce a security mechanism in themobile office platform for creating a good office environment.Aim at this situation, this paper analyzes and compares different network packetinterception technologies, and Windows network protocol architecture NDIS has beenresearched on those basis. Then, applying technology of NDIS hook, SSDT HOOKand WFP，a security office system based on the whitelist mechanism has beendesigned and implemented. The system contains three parts: packet filter driver inthe kernel, client application and the software filter driver. The packet filter driver inthe kernel can filters network packets and controls the access for cyber resources; thesoftware filter driver can privent the execution of unverified software;The clientapplication can controls the driver and makes the system dedicated.At last，The security office system has been deployed in the local network. Beside,we have tested the function and performance of this system. The results show that thissystem can effectively controls users’ network behaviors and the system has goodapplication value.