基于中间人的RDP数据采集
|
摘要
RDP是Windows操作系统中的远程桌面协议,属于一种加密协议,由于Windows操作系统被广泛应用于个人和运维环境中,如何对RDP操作进行合法合规的安全审计,提高运维系统的安全性。RDP采用加密数据传输,为解决RDP加密数据采集并解析成明文数据进行安全审计的问题,本文提出了一种基于中间人原理的RDP数据采集方法,该方法只针对RDP的基本连接。该方法基于客户端和服务器的TCP连接,在密钥协商阶段,获取加密数据传输阶段的RC4密钥。在加密数据传输阶段,收到密文数据后直接转发,再用获取的RC4密钥进行解密,获取明文数据。通过在实际的数据采集器中的实现,该方法相比已有的串联方法减少了28%的传输延迟时间,相比已有的旁路方法,不受网络丢包影响,且更安全,适用范围广。
RDP is a remote desktop protocol in the Windows operating system and is widely used in personal and operation and maintenance environments. How to support the RDP audit to improve the security of operation and maintenance systems is an important question. RDP is a kind of cryptographic protocol. To solve the problem of RDP encryption data gathering,decryption and audit,a RDP gathering method based on man-in-middle is proposed. The proposed method just applies to RDP standard connection. The proposed method is based on the TCP connection between client and server. The method gets the RC4 secret key which is used in the phase of the encryption data transmission during the phase of the key agreement. During the phase of the encryption data transmission,the encryption data is transmitted immediately when the data is obtained. After that,the encryption data is decrypted by using the RC4 secret key. The proposed method is realized in a real network data collector. The proposed method can decrease the transmission delay by 28% in comparison to the series method. The proposed method can increase the security and is not affected by the network packet loss in comparison to the bypass method.
RDP is a remote desktop protocol in the Windows operating system and is widely used in personal and operation and maintenance environments. How to support the RDP audit to improve the security of operation and maintenance systems is an important question. RDP is a kind of cryptographic protocol. To solve the problem of RDP encryption data gathering,decryption and audit,a RDP gathering method based on man-in-middle is proposed. The proposed method just applies to RDP standard connection. The proposed method is based on the TCP connection between client and server. The method gets the RC4 secret key which is used in the phase of the encryption data transmission during the phase of the key agreement. During the phase of the encryption data transmission,the encryption data is transmitted immediately when the data is obtained. After that,the encryption data is decrypted by using the RC4 secret key. The proposed method is realized in a real network data collector. The proposed method can decrease the transmission delay by 28% in comparison to the series method. The proposed method can increase the security and is not affected by the network packet loss in comparison to the bypass method.
引文
[1]胡道元,闵京华.网络安全[M].北京:清华大学出版社,2008.3-19
[2]石淑华,池瑞楠.计算机网络安全技术[M].北京:人民邮电出版社,2016.1-6
[3]陈泉清.基于协议解析的网络安全审计系统的设计与实现[D].成都:电子科技大学,2014.
[4]陈雁翔.基于中间件技术的应用安全审计平台设计与实现[D].浙江:浙江工业大学,2015.
[5]廖斌.网络安全审计系统的设计与实现[D].北京:中国科学院大学工程科学学院,2015.
[6]吴京洪,倪宏,曾学文.面向网络数据审计的SSH请求复原方法[J].网络新媒体技术,2016,5(6):12-16
[7]Microsoft.Remote desktop protocol(RDP)features and performance white paper[Z].www.microsoft.com,June 27,2000.
[8]吴耀芳.基于应用代理的运维堡垒机研究与设计[D].上海:上海交通大学,2014.
[9]刘蔚然.基于协议代理的内控堡垒主机的设计与实现[D].上海:华东理工大学,2014.
[10]崔文超.信息安全运维审计模型及关键技术研究[D].北京:华北电力大学,2014.
[11]刘建.RDP远程桌面协议的安全性分析[D].成都:西南交通大学,2014.
[12]王悦.RDP协议的安全性分析与中间人攻击[D].北京:北京邮电大学,2008.
[13]陈丹伟,薛青晗,章韵.基于ECC的RDP认证机制研究[J].南京邮电大学学报,2012,32(5):32-37
[14]Microsoft.Remote Desktop Protocol:Basic Connectivity and Graphics Remoting[Z].www.microsoft.com,May 15,2014.
[2]石淑华,池瑞楠.计算机网络安全技术[M].北京:人民邮电出版社,2016.1-6
[3]陈泉清.基于协议解析的网络安全审计系统的设计与实现[D].成都:电子科技大学,2014.
[4]陈雁翔.基于中间件技术的应用安全审计平台设计与实现[D].浙江:浙江工业大学,2015.
[5]廖斌.网络安全审计系统的设计与实现[D].北京:中国科学院大学工程科学学院,2015.
[6]吴京洪,倪宏,曾学文.面向网络数据审计的SSH请求复原方法[J].网络新媒体技术,2016,5(6):12-16
[7]Microsoft.Remote desktop protocol(RDP)features and performance white paper[Z].www.microsoft.com,June 27,2000.
[8]吴耀芳.基于应用代理的运维堡垒机研究与设计[D].上海:上海交通大学,2014.
[9]刘蔚然.基于协议代理的内控堡垒主机的设计与实现[D].上海:华东理工大学,2014.
[10]崔文超.信息安全运维审计模型及关键技术研究[D].北京:华北电力大学,2014.
[11]刘建.RDP远程桌面协议的安全性分析[D].成都:西南交通大学,2014.
[12]王悦.RDP协议的安全性分析与中间人攻击[D].北京:北京邮电大学,2008.
[13]陈丹伟,薛青晗,章韵.基于ECC的RDP认证机制研究[J].南京邮电大学学报,2012,32(5):32-37
[14]Microsoft.Remote Desktop Protocol:Basic Connectivity and Graphics Remoting[Z].www.microsoft.com,May 15,2014.