Research on LAN exclusion of external network devices

In the field of network intrusion detection, enterprise LAN data must be protected from damage caused by external network devices that connect to the LAN without the network administrator's permission. To that end, the entire LAN, acting as an organic unit, excludes connected external network devices (for example, a notebook PC) so that they cannot access the LAN. This method is the most efficient and direct, and it is easy to develop and use.

By detecting ARP request packets on the network and analyzing the requester's MAC address information, the intruder can be discovered and blocked. Whether the sender of an ARP request packet is legitimate is determined by comparing it with the database of known devices. If the requester is not legitimate, its access to the network is blocked. The key point is to find an efficient way to block the intruder among the variety of network technologies. The thesis focuses on the advantages and disadvantages of host deceit and switch fraud. Switch fraud supplemented by host deceit was used to stop the intrusion.

The software development involves the use of a database. The thesis therefore states how to choose a database and how to use VC++ and ADO database programming techniques to create the database of known devices. It also addresses how to report network device information to the database automatically.

Because of the presence of agents, online network equipment can be found promptly and efficiently, and the intruder can be stopped in time. Agents are ordinary computers on which the client software is installed. A subnet can have only one agent at a time. The current agent is replaced by a new agent immediately after it goes offline. The intelligent agent selection mechanism is also a highlight of the thesis.

Conclusion: blocking techniques based on switch fraud are more direct and efficient than those based on host deceit. The rule for electing a suitable agent protects the network promptly and reliably. Automatic establishment of the device database greatly reduces the burden on network administrators.
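
The detection step described above (read each ARP request, extract the requester's MAC address, compare it with the database of known devices) can be sketched as follows. This is an added example, not code from the thesis: the in-memory `KNOWN_DEVICES` table stands in for its ADO database, all addresses are constructed, and the check that the ARP sender MAC matches the Ethernet source is an extra sanity test that the abstract does not mention.

```python
import struct

# Constructed allowlist standing in for the thesis's database of known devices.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "file-server",
    "00:11:22:33:44:66": "admin-workstation",
}
ETH_P_ARP, ARP_REQUEST = 0x0806, 1


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp_request(frame: bytes):
    """Parse an Ethernet/IPv4 ARP request; return a dict, or None for anything else."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if ethertype != ETH_P_ARP or (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None
    return {"eth_src": _mac(eth_src), "sender_mac": _mac(sha),
            "sender_ip": ".".join(map(str, spa)), "target_ip": ".".join(map(str, tpa))}


def classify(frame: bytes, known=KNOWN_DEVICES):
    """Label the requester 'known', 'unknown' or 'mismatch'; None if not an ARP request."""
    req = parse_arp_request(frame)
    if req is None:
        return None
    if req["sender_mac"] != req["eth_src"]:
        verdict = "mismatch"  # ARP body and Ethernet header disagree about the sender
    elif req["sender_mac"] in known:
        verdict = "known"
    else:
        verdict = "unknown"   # candidate for blocking by the agent
    return {**req, "verdict": verdict}


def build_request(src_mac: str, src_ip: str, dst_ip: str) -> bytes:
    """Build a constructed broadcast ARP request so the example runs offline."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    ip4 = lambda s: bytes(int(p) for p in s.split("."))
    eth = struct.pack("!6s6sH", b"\xff" * 6, mac, ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REQUEST,
                      mac, ip4(src_ip), b"\x00" * 6, ip4(dst_ip))
    return eth + arp
```

A MAC comparison of this kind only identifies devices that do not forge their address, so an "unknown" or "mismatch" verdict is a reliable signal while a "known" verdict is not proof of identity.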