Design And Implementation Of Security Monitoring And Audit System For Intranet Host’s Behavior

As computer network technology develops ever more rapidly, it has become animportant carrier of economic and cultural development of a country and an essentialtool for people’ communication. Along with the high dependence on network, networksecurity, issues of which mainly come from internal network become more and moreimportant. This paper mainly studies distributed security audit techniques as follows:Firstly,the concepts of information security, syslog and audit are introduced, thepresent state of the research on network security is discussed. Different securitytechniques are compared and analyzed. Especially the security issues of internalnetwork is given and the corresponding security framework is designed which includesseveral security model to solve different security inefficiency separately.Secondly, the main idea of this paper is to design a security audit system, whichcombines access control of users and devices, network behavior control, the hostsecurity audit. The devices management module can recognize and control the1394devices, infrared communication devices, parallel port devices, public mobile memorydevice (USB) and some newly added devices. The network share module used tomonitor the network neighbor which is implemented by NETBIOS protocol. Themonitor object includes every protocol elements and commands, emphasis put on theaccess control to all the share resources. The mobile storage device managementmodule is given and designed alone to illustrate its important role in modern networkfor its widely usage. This module is designed to fine granularity control of storagedevices. It could use normally in controlled secure area with the work department’smobile memory device, while employees have no authority. Meanwhile, The auditsystem records the use of every controlled computer powered on/off in the network,every detail of the local documents and files of every controlled computer, such as add,modify and so on. The sample, store and analyze function of audit data also researched.Finally, the test of system function is given to verify the efficiency of thetechnique solution.