| Informatization is the typical characteristics of modern enterprises, information technology has improved both business productivity and the efficiency of enterprise management, while the informatization of enterprise should also be responsible for the security of corporate information, so that it can play its due role. Information systems as an important tool for the dependence of modern enterprise management and production, its security and continuity is of great significance for normal business operations and management. Remote Desktop Protocol RDP (Remote Desktop Protocol) is a protocol for remote access to Windows Terminal Microsoft offered by Microsoft in the modern enterprise, since most of the information systems are Windows system, using Remote Desktop Protocol RDP information system running on Windows maintenance has become common phenomenon increasingly. Using remote desktop access way to the maintenance, operation and maintenance personnel on the server has brought great convenience, saving time and effort, but there are also security issues:no history of operation and maintenance operations, such as operation and maintenance personnel can not be recognized, no visual retrospective report or video to reproduce the operation, which has brought security issues in the process of remote desktop visition. Therefore, establishing an audit system to solve these problem of security based on the analysis of remote access of RDP is indispensable.Firstly, this article study and research the process and the format of transmission of RDP data. Then we use a proxy-based technology RDP audit technique in order to audit the process of RDP access to ensure security of information system. Deploy the proxy server on a swith which is reachable to both RDP client and RDP server, then run agent program on the server which can establish the connect to RDP client and RDP server, and record the data receive from RDP client for auditing afterward. While the data will be transfered to RDP server without effecting the normal use of RDP sessions. By the way of agent, the manager can both monitor the RDP session in real-time and audit the RDP sessions by the play back of recorded files. In this way, we achieve the goal of prior determination, controlment when happens and analysis afterwards in order to guarantee secure access to information systems.This article also provides a function of retrospective view of the RDP session, research, design and implement the playback of recorded RDP files, then designed a player which can read useful information from the recorded file, playback on the player with time control and playback controls, allowing users to see the smooth playback of video of RDP sessions. This paper also conducted sessions documented pattern recognition using character recognition technology to improve audit efficiency.Currently this feature is already in use as part of the operation and maintenance of security audit system in State Grid Corporation. Now the feature has had reliable performance, enhance the security of operation and maintenance. The provied audit function and audit reports help administrators view session content, session record intuitivly. |
PDF Full Text Request