Research And Application Of Network Access And Connection Control Technology For The Internal Network Security System

With the development of computer network technology, the development of information security has entered a new era, terminal machine security and network security issues gradually attracted people’s attention. Most of the applications currently on the internal network terminals, especially in government agencies, classified department, the core research institutions, banks and other financial systems, enterprises and other units of the office network, internal business network, classified network terminal equipment, is crucial, even strictly confidential. Once these devices are compromised, or corrupted, it will be a very serious consequence. In the case of information security issues become more and more important, the intranet security issues become increasingly important and prominent.Network Communications is one of the main causes of the internal information leaks, but the network control and audit is technical difficulties, and for the moment the means for the internal network attacks are also changing, greatly increased the difficulty of network prevention. Based on the study of the basic intranet endpoint security key technology and Windows kernel driver key technology, this paper facing network access and connection control technology in the intranet security system, research and design of the network packet monitoring technology, wired LAN and wireless LAN management and control technology, wireless control technology, the default gateway and network bridge broken protection technology. (1)This paper studies the application of the NDIS intermediate driver and NDIS filter driver technology to achieve a network packet monitoring function under Windows XP and Windows8systems, and expand the analysis and discussion on special network communication protocol-NWLINK/IPX protocol.(2)In research and application of the NDIS intermediate driver technology and NDIS filter driver technology and in-depth understanding of the basis for VMWARE virtual machine communication principle, this paper realizes the wired LAN and wireless LAN management and control functions that can prevent VMWARE virtual machine bypass, analyzes and discusses the network communication protocol with special physical address--the ARP protocol and the IGMP protocol.(3)In mastering basic principles of the wireless network card and the upper filter driver key technologies, this paper discusses the way and implementation to manage and control the wireless modem, analyzed and compared two different wireless modem control mode:registry control and drive control, and chose a better way that use the upper filter driver.(4)This paper get gateway and network adapters information via Windows application layer API, realizes the default gateway detection and broken network protection while building network bridges.With the realization of these techniques, this paper all-round, multi-angle achieves network connectivity and control technology.At the end of this paper, we demonstrate functional testing and performance testing for the internal network security system. Verified various aspects of the network access and connection control techniques can be effectively applied to a terminal machine, and terminal internal network security management system operated stably and efficiently.