Design And Implementation Of Network Devices Configuration Security Audit Platform

The network information age develops rapidly and computer technology is more widely used in the field.At the same time,a variety of network security threats also follow.Network device connects to the network as a physical entity.The security of network device affects the security of the whole network environment.Nowadays,it has undoubtedly become an important aspect to evaluate the security of network for the secure check of network device configuration.Therefore,it is of great significance to improve the security of network device.At present,the configuration command system and the configuration file format of network devices which produced by the manufacturers on the market,such as router and firewall,are not the same.And the systems or platforms for unified management of network devices are few,which leads to the difficulty and high cost of managing and checking the network device configuration.Regarding the above problems,a network device configuration security audit platform which based on MVC model and Thrift framework is designed and implemented.In this paper,the current situation of network device security audit systems is analyzed at home and abroad.It clarifies the target that the platform will achieve and the functions that the platform will be required.Through in-depth study on the key technologies,such as MVC pattern and Thrift framework,it has finished designing and implementing the network device configuration security audit platform.In the process of writing this paper,the work done by the author mainly in the following aspects:1.Through the analysis of the current situation of network security and network devices security,the research background and significance of the network device configuration security audit platform is described in this paper.At the same time,the previous research achievement and application status of the MVC model and Thrift framework is summarized.The integral organizational structure of the paper is also gave.2.This paper introduces the technical background of finishing the network device configuration security audit platform in detail,including MVC model,B/S architecture,ThinkPHP framework,Apache Thrift framework and Bootstrap framework.The basic structure and framework features of the above key technologies are also introduced.3.Through the detailed research and analysis,the paper shows that the network device configuration security audit platform is feasible in economy,technology and development environment.In the meantime,the functional requirements and performance indicators of the platform are determined according to the actual situation.It also introduces the functional modules of the platform which should be implemented in theory and the operating efficiency status of the platform which should be achieved.4.This paper focuses on the strategic audit program has been formulated.It summarizes four major types of policy rules are commonly used as the network device configuration information is audited.They are user management class,access control class,communication class,object group class.Then it gives specific types of strategic audit content,in order to achieve the audit of strategic configuration information.5.According to the requirement analysis of the platform,the overall architecture and specific function modules of the platform are designed,and the coding of the configuration module,strategy module,task module and system module of the platform is completed.The platform is presented by the way of core code,flow chart and interface picture.Finally,the platform is tested from different angles to ensure the stable and safe operation of the platform and to put forward the prospect of future maintenance and optimization of the platform.The network device configuration security audit platform designed and implemented in this paper can well accomplish the unified management of the configuration information of multiple network devices.It can also effectively reduce the difficulty and cost of configuring and checking the network device,and greatly improve the efficiency of auditing work,so that the network device administrators can find out the potential security exposure in network device configuration as soon as possible and solve the problems in time.Then the unnecessary losses will be avoided and the practicability and security of the network device will be improved.