Research and Implementation of a Comprehensive Security Audit and Monitoring System for Computer I/O Ports
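Abstract
With the spread of computer networks, many enterprises have built internal networks to carry out different tasks. An enterprise intranet helps departments share resources and divide work, but without proper security safeguards it leads to a series of security problems, such as access by unauthorized users and leakage of core enterprise data.
     The Computer I/O Port Security Comprehensive Auditing and Monitoring System was designed and developed to address these risks. The system provides two main control functions: blocking access by unauthorized users and monitoring file transfers over USB ports.
     This thesis designs and implements a layered binding module, a USB port monitoring module, and a system encryption scheme. The layered binding module establishes a layered binding structure that not only implements one-to-one mappings from host to switch port and from MAC address to IP address, but also adds a one-to-one mapping from user to host. Creating a binding no longer requires the administrator to type tedious commands by hand; instead, a few predefined parameters complete it automatically. The USB port monitoring module monitors data transfers of USB storage devices. When a network outage leaves many temporary log files waiting to be sent, uploading all of that data at once after the network recovers could cause the cache to drop important logs or cause network congestion. To avoid this, a filtering module was added on the client to filter out unimportant logs, which ensures that important logs are not lost and that the network is not congested.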
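The layered binding structure described above (host to switch port, MAC address to IP address, and user to host, each one-to-one) can be audited as sketched here. This is an added example, not code from the thesis; the record layout, the layer names, and all sample names and addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

# One row per workstation: user -> host -> MAC -> IP -> switch port.
Record = namedtuple("Record", "user host mac ip switch port")

# Constructed sample table; every name, address and port is a placeholder.
BINDINGS = [
    Record("alice", "PC-01", "00:11:22:33:44:01", "192.0.2.11", "sw1", 3),
    Record("bob", "PC-02", "00:11:22:33:44:02", "192.0.2.12", "sw1", 4),
]

def layer_keys(r):
    """Values that must each be unique across the whole table."""
    return {"user": r.user, "host": r.host, "mac": r.mac.lower(),
            "ip": r.ip, "port": (r.switch, r.port)}

def index_by_mac(bindings):
    """Index the table by MAC, rejecting any table that is not one-to-one."""
    seen = {layer: set() for layer in ("user", "host", "mac", "ip", "port")}
    by_mac = {}
    for r in bindings:
        for layer, key in layer_keys(r).items():
            if key in seen[layer]:
                raise ValueError(f"duplicate {layer} binding: {key}")
            seen[layer].add(key)
        by_mac[r.mac.lower()] = r
    return by_mac

def audit(by_mac, obs):
    """Return the binding layers that an observed session violates."""
    bound = by_mac.get(obs.mac.lower())
    if bound is None:
        return ["unknown MAC"]
    violations = []
    if (obs.switch, obs.port) != (bound.switch, bound.port):
        violations.append("host-port")   # machine moved or MAC reused elsewhere
    if obs.ip != bound.ip:
        violations.append("MAC-IP")      # address not the one bound to this MAC
    if (obs.user, obs.host) != (bound.user, bound.host):
        violations.append("user-host")   # user logged in on someone else's host
    return violations

if __name__ == "__main__":
    table = index_by_mac(BINDINGS)
    # Constructed observation: bob's machine using alice's bound IP address.
    wrong_ip = Record("bob", "PC-02", "00:11:22:33:44:02", "192.0.2.11", "sw1", 4)
    print(audit(table, wrong_ip))
```

Reporting each layer separately lets an administrator tell a relocated machine from a misused IP address or a user on the wrong host.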
With the development and spread of network technology, network users have gained a deeper understanding of network security. Information security products such as intrusion detection, VPNs, firewalls, and encryption have gained increasing recognition. However, these products share a common weakness: they do not secure the internal network. While most enterprises and work units build their network security on large investments in these products, this weakness, together with the assumption that staff are totally reliable, leaves the internal network exposed to abuse. It is very possible that insiders exploit technical loopholes to steal important information and top-level secrets for illicit profit, and that the violation is difficult to trace.
     There are many products for auditing the computer operations of internal staff at the technical level. Not long ago, security auditing and monitoring systems designed specifically for internal networks appeared. They organically combine security equipment management, document management, and online behavior management. By monitoring and controlling network equipment and recording user behavior, such a system can visualize network security risks, prevent leakage of sensitive information as far as possible, and keep complete records of operations involving sensitive information so that violations can be traced afterward. It can also apply security management to the hardware and software resources of personal desktop systems, and effectively control and prevent information security incidents in the process.
     Information technology is gradually permeating daily work at all levels, which has led enterprises and government units to gradually recognize the need for a safe and healthy internal network environment. Thanks to government policies and the participation of software enterprises such as Polytechnic ground and Hanbang, I believe that the losses caused by internal network security issues will be greatly reduced. Of course, the most important thing is that users recognize the grim state of their own network security and take effective measures to resolve it.
     We need more efficient and effective management of the enterprise's internal network to prevent such information theft. The Computer I/O Port Security Comprehensive Auditing and Monitoring System can effectively resolve this situation, so the design and implementation of this system are profoundly meaningful.
     Among the many enterprise network security management measures, address binding for legitimate users is undoubtedly one of the major ones. Many solutions to the problem of illegal address use have emerged both at home and abroad. They concentrate mainly on ACL control, binding of switch ports to MAC addresses, and binding of MAC addresses to IP addresses. But these solutions require complicated operations and expertise from the user, especially in larger networks. Moreover, they usually do not combine network management well with address binding.
     The Computer I/O Port Security Comprehensive Auditing and Monitoring System neatly combines network management with address binding without requiring expertise from its users: it can manage the entire network inside an enterprise and, at the same time, bind switch ports to MAC addresses and MAC addresses to IP addresses for internal network users.
     In recent years, printers, USB devices, and many other mobile data storage devices have become increasingly popular. At the same time, more and more companies have started to worry that their information security is threatened by important data flowing out through these storage channels. The Computer I/O Port Security Comprehensive Auditing and Monitoring System helps counter this difficult and unavoidable situation by using port management to monitor printers and USB device ports inside the company in real time. In this way, wrongful acts can be traced and information leakage incidents can be avoided to the greatest possible degree.
     This system applies to all enterprise networks, regardless of their size. It is an ideal choice for protecting enterprise information security because it is powerful, safe, and stable. By preventing illegal access and monitoring printer activity and file transfers at USB ports, the system helps eliminate the risk of confidential information leakage and the potential danger of network collapse. In addition, to enforce access permissions, the system adopts a comprehensive encryption module that ensures only users with specific permissions can use the system.
     The system uses a client/server (C/S) architecture. It distributes tasks sensibly between the client and the server, which lowers the system's communication costs, greatly improves efficiency, and at the same time guarantees the security of the system. The system has a central database server that all clients can access and to which the operation logs of USB ports and printers are uploaded.
     The system's server side provides an interface for managing client information. It includes three functional modules: the port-MAC-IP binding module, the printer monitoring module, and the USB storage device monitoring module. The port-MAC-IP binding module includes six sub-modules: network segment management, switch management, password management, switch port management, IP address management, and binding management. The printer monitoring module consists of three main modules: print content storage and display, log query, and document generation. The USB storage device monitoring module also consists of three main modules: document content storage and display, log query, and document generation.
     The system's client is primarily responsible for monitoring I/O port information. The information it collects is uploaded to the server for analysis.
     Due to time constraints, the system has some imperfections that need revising. For example, the current system can monitor USB storage devices, but it cannot deal with newer storage devices such as Bluetooth or other newly emerged devices. In addition, how to keep the system extensible so that it can meet new demands remains a challenge and leaves plenty of room for improvement.
