Design And Implementation Of Network Security Scanning System

With the continuous development of information and network technology,the internet has been integrated into all aspects of pepole 's lives.However,the insecurity of the network itself and the defects of the network communication protocol,make the network suffered invasion and destruction of the situation is very serious.Now the network application of most concern is the security issue,network security scanning is one of the important measures to enhance system security.By scanning the network,network administrators can understand the security of the network,timely detect and deal with the corresponding vulnerabilities.It is an important means to ensure the security of the network by analyzing the security of the network system in time,preventing,finding and correcting the weak links in the network.We design and implement a network security scanning system,then the security detection can automatically completed through the procedure,not only can it lighten the work of network administrators,but also can shorten the detection time to reduce the detection time.Today,however,most network scanning systems only have the function of port scanning,and can not further detect the application layer,system vulnerabilities,etc.,and the scanning rate needs to be improved.The network security scanning system should be more comprehensive in order to obtain more network security information and provide better technical support for network security.This paper researches and analysises of the existing scanning technology,scanning tools and their scanning theory,scanning mode and characteristics,and combining with the current situation of network security in China,then it puts forward the demand analysis of the network security scanning system,the whole system architecture,workflow and various functional modules are carried out a detailed design and implementation.The system is divided into three modules: configuration module,scanning module and output module,and the scanning module is divided into target active scanning,operating system scanning,port scanning and application layer service scanning based on plug-in.The system uses a stateless,asynchronous and nonblocking scanning mode,and it has independent send and receive threads,they are largely independent of each other,one thread is used to spew packets,and the other is used to receive packets,because it reduces the thread synchronization caused by time delay,so that the scanning speed is greatly improved,at the same time,the system has its own built-in TCP stack for further interaction with the application layer protocol service.The framework of this system applies the plug-in module to each protocol module of application layer,so it has good scalability.After the actual functional testing,the design and implementation of the system is proved to be effective.