Design And Implementation Of The Enterprise Intranet Information Platform Operation Security Monitoring System

Posted on: 2018-10-02
Degree: Master
Type: Thesis
Country: China
Candidate: X M Hou
GTID: 2348330536981536
Subject: Computer technology

Abstract/Summary:
With the continuous development of enterprise information, the enterprise network information platform has become the necessary infrastructure for the normal operation of enterprises. Based on the design thought of Unified Threat Management, this paper integrates network devices (routers, switches and others), security devices (firewall, Remote Security Assessment System, Intrusion Prevention System and others), and terminal computers, servers and other equipment, breaking data isolation, realizing data exchange, and implementing integrated control of the enterprise network information platform. This paper designs and implements the enterprise network information platform operation safety monitoring system. The main work of this paper includes the following aspects.

First, the threats faced by the enterprise network and five functional requirements (data collection, data analysis, internal node monitoring, operation safety management and visualization) are expounded in detail, and the performance, security, reliability and availability requirements of the system are described.

Second, following the idea of software engineering, the system architecture is divided into five layers: data collection layer, data storage layer, data analysis layer, logic layer and presentation layer.

To monitor the operation status of the important equipment in the network, the data collection layer collects CPU, memory and interface operation data from routers, switches and other network devices by using simulated login technology, and it uses a web crawler to collect real-time operation status data, real-time connection information and vulnerability information from the firewall, IPS and RSAS. Meanwhile, it uses a client probe to collect the data of the terminal computers and the operation status, open processes and ports of the servers.

The data analysis layer analyzes the real-time and historical operation status of the equipment, and provides the basis for monitoring the safety status of the equipment. This layer designs and implements the statistical analysis of the operation of the network information platform. At the same time, through safety rule comparison and threshold analysis, it analyzes equipment security status in real time and detects abnormal events and violations within the network information platform in a timely manner, and it uses the analytic hierarchy process to evaluate the health of the Web server.

The logic layer manages and controls the network information platform based on the data collection and analysis, and responds to abnormal events. The logic layer designs the monitoring functions for the above network devices, security devices, terminal computers and servers. Meanwhile, based on the communication architecture of ZMQ Pub-Sub and REP-REQ, the control functions and network functions of routers and switches from Huawei, H3C, Cisco and other brands are realized. The logic layer also implements the control functions for terminal computers and servers, including detecting external storage device access, responding to violation events, remote control of running processes and ports, Internet access, forced shutdown and so on.

To make it easier for users to manage the network information platform and to understand its operating conditions intuitively, the presentation layer designs and implements the visualization of raw data and data analysis results, realizing management visualization and data visualization. The data storage layer uses non-relational databases to store real-time data, analysis results, and system configuration.

Finally, the test environment of the system is configured, the functional and non-functional tests of the system are completed, and the application of the system is illustrated.
Keywords/Search Tags:operation safety, Unified Threat Management, data collection, real-time monitoring, status presentation