Design And Implementation Of Network Equipment Auditing System Based On Thrift Framework

The rapid development of modern computer and network technology,on the one hand facilitates the sharing of information, but also brings a series of network information security issues, such as information and data leakage, unauthorized access to data and so on. Firewalls and routers and other network equipments are the most basic and most important devices to protect network security. Facing the increasing network scale,how to manage and maintain these network devices becomes more and more important. In this premise, this paper in order to research, design and implementate a network equipment auditing system is carried out..In this paper, on one hand, the B/S architecture and C/S architecture technology are studied, and the advantages and disadvantages of both are summarized and compared. The RPC communication technology is also studied, and the application technology of the Apache Thrift framework is studied. On the other hand, the configuration security auditing algorithm of network equipment is researched deeply. Based on the characteristics of regular expression and the specification of network equipment security configuration, a configuration security auditing algorithm based on regular expression is proposed. Based on this, a network equipment auditing system based on Thrift framework is proposed, which is also based on configuration security auditing algorithm based on regular expression. The functions and communication interfaces of the system are also fully tested and the test results are given.The main work of this paper is as follows:1 .The configuration security auditing algorithm of network equipment is researched deeply, and the characteristics of regular expression are analyzed and summarized. Then, a configuration security auditing algorithm based on regular expression is proposed in combination with the network equipment security configuration specification.2.This paper designs and implements a network equipment auditing system based on Thrift framework. The whole architecture of the system is designed, and those important nodes and equipment management module, strategy management module, task and report management module, system and log management module, acquisition node service module, audit strategy service module and database module are designed.Functions are expatiated and designed in detail, and the coding is realized.3.The test environment is built and deployed, and the functions and communication interfaces of the system are fully tested. Meanwhile, the security of the system is tested. The test result shows that the system has achieved the expected effect.In addition, the network equipment auditing system designed and implemented in this paper can give a complete graphical security risk analysis report and a corresponding solution according to the auditing result, and provide the functional option of automatically repairing the relatively simple configuration problem, which has a higher practical use.The system can also establish the corresponding strategy script library for different types of network equipments from different manufacturers,which has higher extendibilities and wide applicabilities.