| With the widespread use of the Internet and the improvement of the information degree, Most companies are using the Internet to deal with work, makes it easier and faster to business office and management, at the same time companies face a lot of network security threats.For a network, enterprises not only need to deal with attacks from outside the enterprise, but also to prevent accidents due to internal non-standard operation. Nowdays,many network security incidents are caused by internal factors. At this point, companies need an internal network information security audit system,which colud comprehensive test and audit all activity network to safeguard the enterprise network information security. Therefore, the study of network information security auditing technology has important practical significance.For high-speed network and efficiency requirements,we design and implement a network security audit system of high-performance and depth content audit.The system uses a combination of hardware and software solutions,The audit devices are deployed in enterprise core business systems network exit, use the bypass intercepting all packets flowing through the network. In order to ensure the faster, auditing system uses high-speed NIC and netmap-Libpcap achieve zerocopy packet capturing with high CPU utilization.In packet network protocol processing section, using the userspace TCP/IP protocol stack. The protocol stack will be seen as a user program, with a thread implementation. And make the protocol stack for the audit function to simplify and optimize the protocol function, protocol processing overhead is as small as possible.Finally, the network information security audit system for functional display, it can meet the requirements of software in the practical application, to provide strong support for the internal network security, ensure the normal operation of the enterprise business system. |
PDF Full Text Request