《局域网用户上网行为审计系统的设计与实现》由会员分享,可在线阅读,更多相关《局域网用户上网行为审计系统的设计与实现(75页珍藏版)》请在金锄头文库上搜索。
1、上海交通大学硕士学位论文局域网用户上网行为审计系统的设计与实现姓名:邓俊申请学位级别:硕士专业:软件工程指导教师:戚正伟20071201局域网用户上网行为审计系统的研究和实现 -I- 局域网用户上网行为审计系统的研究和实现 摘 要 随着互联网的迅猛发展,许多单位内部局域网都和互联网相连,互联 网给人们工作、生活带来了极大的方便,同时造成新的安全隐患,单位内 部用户上网行为没有监督和约束,访问非法、黄色站点,滥用网络资源, 迫切需要行之有效的网络安全监督保障系统。 现有的网络安全措施主要是 针对防范外部的入侵和攻击, 然而实际上 801以上的安全事件都是从内 部发生的,由此可见防范内部比防范外部
2、更重要。另外,对于一些经常处 理涉及国家秘密和企业商业秘密信息的部门, 为了防止内部人员有意无意 地通过互联网传输涉密信息,也需要一个可以自动识别涉密信息关键字, 继而过滤、阻止涉密信息的传输。本论文所研究的“局域网用户上网行为 审计系统”是记录局域网用户访问互联网的行为过程,控制用户能够使用 哪些互联网服务,过滤上传敏感内容,对上网内容进行审计的系统。 目前,用户上网行为审计系统的发展相对落后,主要客户是网吧等公 共上网场所,其功能与企事业单位上网行为审计系统的需求差别较大。现 有网络行为审计产品主要从网络入侵角度考虑,对网络访问事件进行审 计。而一个单位的网络既要处理外部入侵,又要对内部用
3、户访问外网行为 进行监督,这样的内部网络连接外网才是较安全的。国内很多单位都已建 立自己的计算机网络,但一般未建立相应的上网行为审计系统,这主要是 对上网行为审计的认识存在误区所导致的,担心涉及个人隐私,担心员工 产生抵触情绪。实际上只要开发合理,上网行为审计是能很好地解决此类 矛盾。 通过对局域网用户访问外部网络的行为进行记录和检查,可有效地发 现和防范违规的网络访问, 因此研究与开发局域网用户上网行为审计系统 具有重要的现实意义。 本文对局域网用户上网行为审计的相关技术进行了研究,针对中小规 模局域网环境设计和实现了一个基于网络嗅探器技术的用户上网行为审 计系统。该系统是我们自主开发的产品
4、,已经在一些涉及国家和企业秘密 的部门得到应用,效果良好。 论文研究的主要内容包括以下几个方面: (1)阐述了网络审计的关键技术,从系统结构、数据来源以及网络服务 控制等方面对用户上网行为审计系统涉及的相关技术进行了研究和总结, 为网络行为审计系统奠定理论基础, 并对现有的几种网络审计系统进行了局域网用户上网行为审计系统的研究和实现 -II- 分析介绍。 (2)针对用户上网行为审计系统应用的实际需求, 确定了其功能需求并 设计其体系结构,将其分解为数据采集、数据解析处理、网络服务控制、 关键字内容过滤等各个子系统;采取旁路监听的方式采集数据,不影响用 户的正常使用;设计了数据采集与存储策略,解
5、决了数据分析与处理等关 键技术,实现了高效的数据采集和处理。 (3)对 TCP/IP 协议数据封装过程进行分析,分析和比较了三种常见的 会话重建技术,设计和实现了一个高效的分层协议解析与数据还原模块。 在此模块中,通过规范接口与内部分层,使得该模块具有良好的可重用性 和可扩展性。 (4)针对字符串集比较大、而模式串中出现的关键字符相对较少的情 况,以 BMH 算法为核心,设计了一个字符串比对过滤模块,该模块具有 很好的可重用性,几乎不影响用户上网速度。 (5)介绍本系统的总体实现模型, 以及各个子系统的功能结构和实现方 法。通过对系统参数进行设置,可以灵活方便地将该系统应用于各种不同 的实际环
6、境中,以满足不同用户的具体需求。 (6)对本系统进行测试。介绍测试环境和测试结果,对系统的功能和性 能进行了测试,对测试结果和系统性能进行了分析,得出了系统的适用范 围和有待改进的方面。测试结果表明系统实现了预期目标。 关键词关键词 上网行为审计,关键字过滤,网络嗅探,网络服务控制 局域网用户上网行为审计系统的研究和实现 -III- Design and Implementation of Auditing System over Internet Access of Lan/ Intranet Users ABSTRACT A great many of internal LAN of co
7、mpanies or organizations are connected to the Internet along with the Internet boom. Not only does the Internet provide great conveniences to life and work of common people, but also does it simultaneously lead to some new and hidden safety troubles: The internet access by the interior Intranet user
8、s is going on without surveillance and restriction, such as access to illegal websites, pornography website and abuse of network resources, thus it is an in dire need of implementing an effective Network security monitor and safeguard system. The existing network security measures work mainly for pr
9、eventing attack and invasion outside the Intranet. Actually, over 80% of security accidents take place inside the Intranet, therefore it can be seen from this that it is even more important to guard inside the Intranet than outside. In addition, for those departments involving regularly in the state
10、 secrets or commercial secrets of enterprises, a transmission device that can automatically identify key words concerned secret information then filtrates and checks the transfer of the information is required in order to guard against insiders intentionally or unintentionally transmitting of secret
11、 information across the Internet. This thesis studies the Auditing System over the Internet access of Lan/Intranet Users. The system tracks record of Intranet users access trace when they access to the Internet, restrains the scope of network services they can receive, filtrates the sensitive conten
12、ts inclusive in the information and implements the follow-up auditing procedures into information which is uploaded by the Intranet users. The evolution of Auditing System over Internet Access of Intranet users is currently at a much slower stage, with its main service for the internet cafes and so
13、on. Its function and performance differs greatly from the requirements of the Auditing System over Internet Access of enterprise and public institution. The auditing devices currently available over users access to the Web are designed in terms of network intrusion, and thereby conduct audit work fo
14、r network access incidents. And much more, the connection between the internal network and public network can be secured only when the network of any organizations is capable of handling outside intrusion and implementing supervision over internal users access to the Web. Many 局域网用户上网行为审计系统的研究和实现 -I
15、V- domestic organizations establish their own internal computer network but generally without relevant auditing system over Internet access, which is caused primarily by mistaken beliefs that can still be found with reference to surf behavior auditing, worries about its concerning personal privacy,
16、and accordingly employees resistance to the auditing. In reality as long as it is developed reasonably, such contradictions as mentioned above can be properly settled by auditing system over Internet access. It is of important realistic significance to do research and develop auditing system over internet access for intranet users, since that by recording and inspecting the Intranet users access to the Web, any illegal access to the netw
