| Power companies undertakes the important mission of providing a safe and sustainable supply of electricity for the economic and social development. Therefore, the information system of it requires higher security assurance than general enterprises. With the continuous deepening of power companies information construction, a mushrooming number of information systems are put into use, and the phenomena of operating and maintaining remote servers through the network are more and more common, which brings power companies great conveniences but also brings security hidden dangers at the same time. Security risks brought by the operation and maintenance through using Remote Desktop Protocol include:operation and maintenance behavior are unknowable, operation procedures are unknowable, and no intuitive audit approaches are available.Remote Desktop Protocol(RDP) is a standard component of Windows operating system, which allows users access to a computer running Windows through the use of any Windows-based client from anywhere. It allows users to use all applications, files, and network resources on the remote computers in a reliable way, just as themselves sitting front of the remote computers.Based on fully understand of the current risk of operation and maintenance in power companies. In this paper, I use the proxy-based security audit system for remote desktop access. The core idea of proxy is to agent the connections between client and server, that is to say, proxy must establish two connections:from client to proxy and from proxy to server and forword packets between the two sides. Proxy-based audit system has advantages over the audit system which analyses the server log files to determine whether the operation and maintenance by user is legal.In this paper, based on the overall design of audit system, Firstly, I deeply analyse RDP such as its features, connection initialization process, the connection maintenance process, draw graphics principle. Secondly, I design and implement a RDP proxy which can agent RDP session from client to server. In the course of processing RDP packets by RDP protocol stack, The RDP proxy records graphics commands and user’s inputs into the playback files. Finally, I design and implement a RDP session player which can playback the operation and maintenance through the playback files. Auditors use the playback player to determine whether the maintenance of openrator is legal.At present, the system has been applied to all the provincial power companys and subsidiary companys of State Grid Corporation. The effect of using the system is very well. Basically it avoid the risk of operation and maintenance and improve IT operatiion management level of power companies. |
PDF Full Text Request