企业内网信息安全系统的设计与实现

发布时间：2018-03-27 04:57

本文选题：信息安全　切入点：屏幕图像录制　出处：《电子科技大学》2014年硕士论文

【摘要】：随着计算机网络与办公自动化的高速发展,企业中的信息传递越来越依赖于计算机网络,当企业在享受计算机网络与各种办公系统带来的便利的同时,信息安全隐患也随之而来,特别是企业内部重要信息的泄露给企业带来的损失无法估量,因此,如何防范企业内部网络机密数据的泄露,是目前非常重要的一个课题。本论文中的企业内网信息安全系统就是一个专门保护企业中机密数据信息不被窃取的管理系统,目的就是为企业内网中的数据信息提供一种实用、可靠的管理方案。论文叙述了信息安全发展现状与课题的含义,并对当前计算机网络信息安全技术进行了综述。在对公司的需求进行深入分析与研究的基础上,确立了客户端/服务器模式的系统总体架构,以及论述了系统的设计思路与运作流程,并对系统功能模块进行了划分。成熟的的开发思想和面向对象的建模技术增加了系统的健壮性和可扩展性。信息安全系统拥有三大核心策略模块,分别是屏幕录制模块、网络监听模块、移动设备访问控制模块。屏幕录制模块利用屏幕图像抓取与压缩技术实现了用户对计算机操作详情的记录,从而为管理人员提供了直观的操作行为再现,让其能够轻而易举的找出信息泄露源头;网络监听模块对WinPcap开发包进行了深入研究,让捕获网络底层数据包变得不再困难,接着通过TCP/IP协议的分层理论对捕获的数据包进行简单的协议分析,最后实现利用ARP欺骗及时切断非法入网设备的连接;移动设备访问控制模块则是利用在Windows NT的内核文件系统之上添加一层文件过滤驱动,用以拦截移动设备的访问请求,从而达到防止企业机密信息通过移动设备拷贝出去。本系统综合运用了图像处理、网络监听、过滤驱动等多种技术,实现了对企业内网信息安全保护的作用。系统目前已经在公司内试运行,未见报错信息,为公司信息安全的保护起到了不可磨灭的贡献。
[Abstract]:With the rapid development of computer network and office automation, information transmission in enterprises is more and more dependent on computer network. When enterprises enjoy the convenience brought by computer network and various office systems, The hidden trouble of information security also follows, especially the loss caused by the leakage of the important information inside the enterprise can not be estimated. Therefore, how to prevent the leakage of the confidential data of the internal network of the enterprise, The enterprise intranet information security system in this paper is a management system which specially protects the confidential data information from being stolen in the enterprise. The purpose of this system is to provide a practical method for the data information in the enterprise inner network. This paper describes the development of information security and the meaning of the subject, and summarizes the current computer network information security technology. On the basis of in-depth analysis and research on the company's needs, The system architecture of client / server mode is established, and the design idea and operation flow of the system are discussed. The mature development idea and object-oriented modeling technology increase the robustness and expansibility of the system. The information security system has three core policy modules, which are screen recording module. The screen recording module uses screen image capture and compression technology to realize the user's record of computer operation details, thus providing a visual reappearance of the operation behavior for the manager, the network monitor module, the mobile device access control module, the screen recording module, the screen image capture and the compression technology to realize the user to the computer operation detail record, It makes it easy to find out the source of the information leak; the network monitoring module conducted a deep study of the WinPcap development kit, making it easy to capture the underlying data packets of the network. Then through the stratification theory of TCP/IP protocol, the captured data packet is analyzed simply, and finally, the connection of illegal network equipment is cut off by using ARP spoofing in time. The mobile device access control module uses adding a file filter driver on the kernel file system of Windows NT to intercept the access request of the mobile device. In order to prevent confidential enterprise information from being copied out through mobile devices, this system uses a variety of technologies, such as image processing, network monitoring, filter driver, etc. The system has already run in the company at present, has not reported the wrong information, has played the indelible contribution to the company information security protection.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】