| For any organization to allow employees to external network is an inevitable requirement, but too much non-work related network behavior will seriously affect the efficiency and more likely to lead to internal security issues. According to the findings of a series of survey showed that there is a higher incidence of information security incidents caused by internal security issues in China's enterprises. Therefore, managers should limit the internal user abnormal network behavior to reduce the internal network security problem. The basic premise of access to security risk needs is to learn the current state. Thus, deployment LAN behavior monitoring and management system is the best way to manage network security because the system can not only monitor the internal user network behavior and can control the user's behavior.There are many kinds of monitoring systems but most of them are used to monitor network traffic. With the complexity of internal security incidents and the development trend of security products, the management system is not just to get traffic analysis. Besides, it shall be possible to make a prediction for the future behavior based on the current situation, to achieve advance management.To design a system to meet the internal network behavior supervision requirements, this paper established a user network behavior management execution process model. According to the model, we designed the overall structure of the system and describes the key issues to be addressed in the implementation process. When performing user behavior analysis, the system adopts two kinds of mutual non coupling monitoring mode and utilize mandatory identity authentication mechanism. This method ensures the redundancy of the monitoring, so that users can't avoid monitoring. Some new network application, such as P2 P, is analyzed by using the data packet content detection and port detection technology when performing user behavior analysis. According to the characteristics of two monitoring modes, we use three different fine-grained methods to control the user network behavior. Enhancing the effectiveness of behavioral control by this way.Besides, we study and adopt a kind of situation awareness method, which is suitable for LAN environment. In the view of data, design of data processing, communication and maintenance mechanism is carried out, reducing the query and calculation latency caused by the large amount of monitoring data. Finally, we have established a strategy model to meet the requirements of LAN characteristics. By separating the policy management and implementation enhanced policy management convenience.Based on the design model and architecture and technical requirements, we implemented a system and tested it on the campus network. The results show that the design of the model and architecture is theoretically correct and the technology used has strong practicability. |
PDF Full Text Request