The Design Of Protocol Proxy Based Internal Bastion Host (Operation Audit System)

Posted on: 2016-07-25
Degree: Master
Type: Thesis
Country: China
Candidate: W R Liu
GTID: 2298330467977332
Subject: Computer technology

Abstract/Summary:
With the development of information technology, data centers keep growing in scale and application systems are becoming increasingly complex. To maintain these systems, enterprise managers need a large number of IT maintenance personnel, and some systems must be outsourced to third-party companies for maintenance. In this situation, managers need technology and tools to control, limit and track users' behavior, so that they can determine whether a user's behavior is a threat to the security of the internal network.

Based on protocol proxy technology, this project designed an internal bastion host (operation audit system) that is able to monitor and audit users' behavior. To realize single sign-on for remote desktop access based on a C/S structure, our system introduces the techniques of Man-in-the-Middle Attack, password filling and protocol parsing. Through the proxy, the system records all session data in the log database, and it implements separate playback modules for the different remote desktop access techniques. To resolve the security vulnerability of the RDP protocol, which has only one-way authentication, we put SSL into the RDP protocol, which effectively prevents the occurrence of security incidents. In the meantime, building on the traditional Man-in-the-Middle Attack algorithm, we present an improved Man-in-the-Middle Attack algorithm that reduces multiple RDP connections to a single RDP connection. It effectively reduces system overhead and largely improves the efficiency of the proxy server. In view of the shortcomings and deficiencies of other audit systems, we introduce the concept of the bastion host into the system, which reinforces the system and lowers the risks.

Based on these technologies, the system is able to monitor and record all operation behaviors and to restore the behavior through video playback, so as to realize real-time monitoring and the later collection of evidence.
Keywords/Search Tags: Bastion host, Single sign-on, Man-in-the-Middle Attack, Protocol proxy, Operation replay