
The Study Of Windows Kernel Key Technology And Its Application On Intranet Security

Posted on: 2014-02-05
Degree: Master
Type: Thesis
Country: China
Candidate: L J Zhang
GTID: 2248330398971939
Subject: Information security

Abstract/Summary:
With the rapid popularization of the Internet, the network has become a major driver of enterprise development. However, the network is a double-edged sword: while bringing convenience to the enterprise, it also brings hazards. Information leaks happen more and more frequently, and most of them originate, directly or indirectly, from insiders. Intranet security has therefore become a focus for major companies.

Against this background, this paper studies key technologies of Windows kernel drivers and applies them to an intranet security management system in order to effectively control and manage security problems in the intranet. The paper presents in detail the overall framework of the intranet security management system and the design of each functional module. It also explains in detail Windows filter driver technology and the functional modules of the system that are designed and implemented on top of it. The paper studies NDIS intermediate driver technology and its application and, after comparing NDIS intermediate drivers, raw sockets and WinPcap for network packet processing, designs and implements a network control module based on an NDIS intermediate driver. It studies the development of WDM drivers and class filter drivers, and designs and implements a CD-ROM read-only control module based on a class filter driver. It studies file system filter driver technology, analyzes its application, and designs and implements a peripheral control module based on a file system filter driver.

To maintain the security of the system itself, low-level driver technology is used to protect the files, registry entries and processes that the system needs in order to operate. SSDT hook technology and object change callback technology are used to protect the registry and the processes. A file system protection driver is used to protect the system's operating files and configuration files. After comparing methods for preventing deletion and unloading across various network services, the paper adopts a hidden network driver service to protect the filter driver.

Through extensive system tests, stress tests and deployment in a real environment, the paper validates the login control, network control, peripheral device control and other functions. The system can therefore effectively manage terminal devices.
Keywords/Search Tags: Windows Filter Driver, Intranet Security, NDIS Intermediate Driver, CD-ROM