面向产品数据安全的网络监控技术研究
|
摘要
随着企业信息化的快速发展和企业网络化办公的普及,企业在发展过程中产生了大量的电子数据文档,企业产品数据也都以电子文档存储,并在企业网络环境中共享传播。然而,信息化网络给企业带来便利的同时也给企业产品数据安全保护提出了新的挑战;因此,研究企业网络环境下面向企业产品数据安全的解决方案,对保护企业机密信息,维护企业核心竞争力,至关重要。针对这样的问题,本文设计提出了一个面向产品数据安全的网络监控系统模型,同时对网络监控技术进行了深入的研究。
首先,本文研究了企业信息化和网络应用现状,在此背景下,指出了企业产品数据面临的安全问题;同时指出在当前企业网络化环境下,企业在保护产品数据安全方面的不足以及需要解决的问题。
其次,本文根据前文提出的问题,结合企业的应用环境,提出了面向产品数据安全的网络监控系统模型,介绍了模型的主要模块及其功能;其中主要介绍了模型中网络监控防护模块的具体实现方法,提出了一种递进式网络数据包解析与过滤模型,并对该模型的各个模块的功能和实现进行了描述,研究了模型实现的关键技术。
再次,本文详细阐述了递进式网络监控实现技术,分别从数据包截获、数据包解析和数据包过滤三个方面介绍了网络监控的具体实现细节。
最后,本文综合上述研究成果,实现了一个网络监控系统,详细介绍了系统的整体设计和客户端、服务器、控制台的具体实现,并提出了对未来研究工作的展望。
With the rapid development of enterprise informationization and the popularization of enterprise network business, the enterprises have produced a large amount of electronic data files in their development process. The product data is saved as electronic documents and spread in the enterprise sharing network environment. However, the informationization network brings not only convenient to the enterprises but also new challenges for protecting the enterprise product data security. Therefore, the study about solutions for the enterprise product data security under the network environment is very important for protecting the enterprise confidential information and maintaining the enterprise core competitiveness. For this problem, a network monitoring system model for product data security is proposed, and the research on the network monitoring technology is made deeply.
First of all, the enterprise informationization and the network application are researched. In this context, the security problems about the enterprise product data are pointed out. And the deficiencies and the problems need to be solved for the enterprise in protecting product data are also pointed out in the current enterprise network environment.
Secondly, according to the above problems, a network monitoring system model for product data security is put forward, and its main modules and their functions are introduced. The method which realizes the network monitoring protection module in the model is mainly introduced, and a progressive network packets parsing and filtering model is proposed. The function of every module of the model is described, and the key technologies of the model realization are studied.
Thirdly, the realization technology of progressive network monitoring is elaborated. The realization details about network monitoring are described respectively from packets capture, analysis and filtering three aspects.
Finally, according the above research achievements, a network monitoring system is realized. The overall design of the system and the realization of client, server and console are elaborated. The research prospect on the future is made.
首先,本文研究了企业信息化和网络应用现状,在此背景下,指出了企业产品数据面临的安全问题;同时指出在当前企业网络化环境下,企业在保护产品数据安全方面的不足以及需要解决的问题。
其次,本文根据前文提出的问题,结合企业的应用环境,提出了面向产品数据安全的网络监控系统模型,介绍了模型的主要模块及其功能;其中主要介绍了模型中网络监控防护模块的具体实现方法,提出了一种递进式网络数据包解析与过滤模型,并对该模型的各个模块的功能和实现进行了描述,研究了模型实现的关键技术。
再次,本文详细阐述了递进式网络监控实现技术,分别从数据包截获、数据包解析和数据包过滤三个方面介绍了网络监控的具体实现细节。
最后,本文综合上述研究成果,实现了一个网络监控系统,详细介绍了系统的整体设计和客户端、服务器、控制台的具体实现,并提出了对未来研究工作的展望。
With the rapid development of enterprise informationization and the popularization of enterprise network business, the enterprises have produced a large amount of electronic data files in their development process. The product data is saved as electronic documents and spread in the enterprise sharing network environment. However, the informationization network brings not only convenient to the enterprises but also new challenges for protecting the enterprise product data security. Therefore, the study about solutions for the enterprise product data security under the network environment is very important for protecting the enterprise confidential information and maintaining the enterprise core competitiveness. For this problem, a network monitoring system model for product data security is proposed, and the research on the network monitoring technology is made deeply.
First of all, the enterprise informationization and the network application are researched. In this context, the security problems about the enterprise product data are pointed out. And the deficiencies and the problems need to be solved for the enterprise in protecting product data are also pointed out in the current enterprise network environment.
Secondly, according to the above problems, a network monitoring system model for product data security is put forward, and its main modules and their functions are introduced. The method which realizes the network monitoring protection module in the model is mainly introduced, and a progressive network packets parsing and filtering model is proposed. The function of every module of the model is described, and the key technologies of the model realization are studied.
Thirdly, the realization technology of progressive network monitoring is elaborated. The realization details about network monitoring are described respectively from packets capture, analysis and filtering three aspects.
Finally, according the above research achievements, a network monitoring system is realized. The overall design of the system and the realization of client, server and console are elaborated. The research prospect on the future is made.
引文
[1]成思危.企业信息化与管理变革[M].北京:中国人民大学出版社,2001.
[2]惠亚爱,孟芙蓉.浅谈企业信息化与电子商务的关系[J].商场现代化,2007.9:121-122
[3]王改性.提升企业竞争力的信息化作用分析[J].企业经济,2008(09):133-135.
[4] 2009 CSI Computer Crime and Security Survey[EB/OL], http://gocsi.com/survey.
[5]海锦涛.先进制造技术[M].北京:机械工业出版社,1996.
[6]邵晓东,高宏伟,叶林梅.产品数据安全性研究[J].微机发展.2003,13(4):28-30.
[7] National Bureau of Standards.Data Encryption Standard (DES)[S].Federal Information Processing Standards Publication 46 (FIPS PUB 46), 1977.
[8] R. L. Rivest, A. Shamir, L. Adleman.A Method for Obtaining Digital Signatures and Public-Key Cryptosystems[J].Communications of the ACM, 1978,21(2):120-126.
[9] http://baike.baidu.com/view/7520.htm.
[10] Lyons, Alan. Effective Data Backup. Disaster Recovery Journal, 9(4), Pages 47-49. 1996
[11]王笑强.数据修复技术在电子取证中的应用[J].网络安全技术与应用,2004,8:57-59.
[12] S.McCanne and V.Jacobson. The BSD Packet filter: A New Architecture for User-level Packet Capture. In Proceedings of the Winter 1993 USENIX Conference, 1993.259-270.
[13] Fulvio Rissole and Loris Degioanni. An Architecture for High Performance Network Analysis. Computers and Communications, 2001. Proceedings. Sixth IEEE Symposium, On 3-5 July 2001 Page(s):686– 693.
[14] Angela Orebaugh, Greg Morris, Ed Warnicke, et al. Ethereal Packet Sniffing. Syngress Publishing, February 2004.
[15]陈永辉,向科峰等.基于Winsock2 SPI的网络封包截获[J].网络信息技术, 2006, 25(3):55-56.
[16]陈琪等.Windows单机版防火墙包过滤多种方案比较与实现[J].计算机应用与软件,2005,22(5):114-116.
[17]熊仲健等.基于TDI层的动态网络控制技术[J].微型电脑应用,2008, 24(5):33-3.
[18] Microsoft,Inc. NDIS. http://msdn.microsoft.com
[19] J.W.Floroiu, T.C.Ionescu, R.Ruppelt, B. Henckel and M.Mateescu. Using NDISintermediate drivers for extending the protocol stack: A case study[J].Computer Communications, 2001 (24): 703-715.
[20]郑明雄等.基于NDIS中间层的包截获及分析处理[J].现代计算机,2004,3:64-67
[21]刘璐等.基于NDIS中间层驱动的高速网络设备监测技术[J].计算机应用研究,2008,25(10):3122-3124.
[22]刘静,裘国永.NDIS-HOOK网络封包截获技术实现[J].微处理机,2008,(5): 51-53,56.
[23]蒋波等.数据包的截获与网络协议分析[J].重庆三峡学院学报, 2006,26(3):26-27.
[24]肖戈林. HTTP协议技术探讨[J].江西通信科技,2001,(1):17-24.
[25]陈金阳等. FTP协议分析及其客户端程序实现[J].计算机工程与应用, 2005,32:130-132.
[26]周彩兰等.基于SMTP协议解析的垃圾邮件防治技术[J].计算机技术与发展,2008,18(1):188-191.
[27]唐燕. POP3协议解析及简单实现[J].电脑知识与技术, 2007,16:951-952.
[28]谭思亮.监听与隐藏-网络侦听揭密与数据保护技术.[M].北京:人民邮电出版社,2002.
[29] E.Hooper. An Intelligent Intrusion Detection and Response System Using Network Quarantine Channels: Firewalls and Packet Filters[j]. Multimedia and Ubiquitous Engineering, 2007. MUE '07. International Conference on, on 26-28 April 2007 Page(s): 1193-1198
[30] J.Reumann; Hani Jamjoom; Kang Shin;“Adaptive Packet Filters”, Global Telecommunications Conference, 2001. GLOBECOM '01. IEEE, on 25-29 Nov. 2001 Page(s):2331-2335 vol.4
[31] Yamashita, Y.; Tsuru, M.;“Code Optimization for Packet Filters”, Applications and the Internet Workshops, 2007. SAINT Workshops 2007. International Symposium on, On 15-19 Jan. 2007 Page(s):86-86.
[32]高峰,基于内容安全的局域网监控系统(CSBLAN)的设计与实现[D].电子科技大学,2005.
[33] AnyView(网络警),厦门诚创科技有限公司http://www.xmcct.net/products/anyview/anyview.htm
[34]李文剑.防水墙技术初探.信息安全与通讯保密[J],2007.5:107-108
[35]中软防水墙系统WaterBox,中国软件与技术服务股份有限公司.http://www.css.com.cn/subpage.aspx?ctabid=10&stabid=178
[36]薛质,苏波,李建华编著.信息安全技术基础和安全策略.北京:清华大学出版社,2007.
[37]陈杰,陈健.产品数据管理技术及其应用[J].矿业工程,2009,7(3):61-62.
[38]沈建新,周儒荣.产品全生命周期管理系统框架及关键技术研究[J].南京航空航天大学学报,2003,35(5):565-571
[39] http://baike.baidu.com/view/1794100.htm
[40]陈卫军.网络监控技术的研究与应用[D],华东师范大学,2007.
[41]严蔚敏.数据结构(C语言版)[M].北京:清华大学出版社.2006.
[42] D.E.Knuth,J.H.Morris,V.R.Pratt.Fast Pattern Matching in Strings. SIAM Journal on Computing,1977(6),pp.323-350
[43] R.S.Boyer,J.S.Moore.A fast string searching algorithm. Communications of the ACM,pp.767-772,1977.
[44]巫喜红.几种模式匹配算法的效率分析[J],大庆师范学院学报,2007,27(2):50-52.
[45]潘金贵.现代计算机常用数据结构和算法.南京:南京大学出版社.1994,pp.595-596
[46] A.C.Yao. The Complexity of Pattern Matching for a Random String, SIAM Journal on Computing,1979,8(3)vol.8,no.3,1979,pp.368-387.
[47]谭献海.网络编程技术及应用[M].北京:清华大学出版社,2006
[48]王艳平.Windows网络与通信程序设计(第2版)[M].北京:人民邮电出版社.2009.
[49] W.R.Stevens著.范建华等译.TCP/IP详解卷1:协议[M].北京:机械工业出版社.2003.
[50] RFC2045 - Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies,http://www.ietf.org/rfc/rfc2045.txt
[2]惠亚爱,孟芙蓉.浅谈企业信息化与电子商务的关系[J].商场现代化,2007.9:121-122
[3]王改性.提升企业竞争力的信息化作用分析[J].企业经济,2008(09):133-135.
[4] 2009 CSI Computer Crime and Security Survey[EB/OL], http://gocsi.com/survey.
[5]海锦涛.先进制造技术[M].北京:机械工业出版社,1996.
[6]邵晓东,高宏伟,叶林梅.产品数据安全性研究[J].微机发展.2003,13(4):28-30.
[7] National Bureau of Standards.Data Encryption Standard (DES)[S].Federal Information Processing Standards Publication 46 (FIPS PUB 46), 1977.
[8] R. L. Rivest, A. Shamir, L. Adleman.A Method for Obtaining Digital Signatures and Public-Key Cryptosystems[J].Communications of the ACM, 1978,21(2):120-126.
[9] http://baike.baidu.com/view/7520.htm.
[10] Lyons, Alan. Effective Data Backup. Disaster Recovery Journal, 9(4), Pages 47-49. 1996
[11]王笑强.数据修复技术在电子取证中的应用[J].网络安全技术与应用,2004,8:57-59.
[12] S.McCanne and V.Jacobson. The BSD Packet filter: A New Architecture for User-level Packet Capture. In Proceedings of the Winter 1993 USENIX Conference, 1993.259-270.
[13] Fulvio Rissole and Loris Degioanni. An Architecture for High Performance Network Analysis. Computers and Communications, 2001. Proceedings. Sixth IEEE Symposium, On 3-5 July 2001 Page(s):686– 693.
[14] Angela Orebaugh, Greg Morris, Ed Warnicke, et al. Ethereal Packet Sniffing. Syngress Publishing, February 2004.
[15]陈永辉,向科峰等.基于Winsock2 SPI的网络封包截获[J].网络信息技术, 2006, 25(3):55-56.
[16]陈琪等.Windows单机版防火墙包过滤多种方案比较与实现[J].计算机应用与软件,2005,22(5):114-116.
[17]熊仲健等.基于TDI层的动态网络控制技术[J].微型电脑应用,2008, 24(5):33-3.
[18] Microsoft,Inc. NDIS. http://msdn.microsoft.com
[19] J.W.Floroiu, T.C.Ionescu, R.Ruppelt, B. Henckel and M.Mateescu. Using NDISintermediate drivers for extending the protocol stack: A case study[J].Computer Communications, 2001 (24): 703-715.
[20]郑明雄等.基于NDIS中间层的包截获及分析处理[J].现代计算机,2004,3:64-67
[21]刘璐等.基于NDIS中间层驱动的高速网络设备监测技术[J].计算机应用研究,2008,25(10):3122-3124.
[22]刘静,裘国永.NDIS-HOOK网络封包截获技术实现[J].微处理机,2008,(5): 51-53,56.
[23]蒋波等.数据包的截获与网络协议分析[J].重庆三峡学院学报, 2006,26(3):26-27.
[24]肖戈林. HTTP协议技术探讨[J].江西通信科技,2001,(1):17-24.
[25]陈金阳等. FTP协议分析及其客户端程序实现[J].计算机工程与应用, 2005,32:130-132.
[26]周彩兰等.基于SMTP协议解析的垃圾邮件防治技术[J].计算机技术与发展,2008,18(1):188-191.
[27]唐燕. POP3协议解析及简单实现[J].电脑知识与技术, 2007,16:951-952.
[28]谭思亮.监听与隐藏-网络侦听揭密与数据保护技术.[M].北京:人民邮电出版社,2002.
[29] E.Hooper. An Intelligent Intrusion Detection and Response System Using Network Quarantine Channels: Firewalls and Packet Filters[j]. Multimedia and Ubiquitous Engineering, 2007. MUE '07. International Conference on, on 26-28 April 2007 Page(s): 1193-1198
[30] J.Reumann; Hani Jamjoom; Kang Shin;“Adaptive Packet Filters”, Global Telecommunications Conference, 2001. GLOBECOM '01. IEEE, on 25-29 Nov. 2001 Page(s):2331-2335 vol.4
[31] Yamashita, Y.; Tsuru, M.;“Code Optimization for Packet Filters”, Applications and the Internet Workshops, 2007. SAINT Workshops 2007. International Symposium on, On 15-19 Jan. 2007 Page(s):86-86.
[32]高峰,基于内容安全的局域网监控系统(CSBLAN)的设计与实现[D].电子科技大学,2005.
[33] AnyView(网络警),厦门诚创科技有限公司http://www.xmcct.net/products/anyview/anyview.htm
[34]李文剑.防水墙技术初探.信息安全与通讯保密[J],2007.5:107-108
[35]中软防水墙系统WaterBox,中国软件与技术服务股份有限公司.http://www.css.com.cn/subpage.aspx?ctabid=10&stabid=178
[36]薛质,苏波,李建华编著.信息安全技术基础和安全策略.北京:清华大学出版社,2007.
[37]陈杰,陈健.产品数据管理技术及其应用[J].矿业工程,2009,7(3):61-62.
[38]沈建新,周儒荣.产品全生命周期管理系统框架及关键技术研究[J].南京航空航天大学学报,2003,35(5):565-571
[39] http://baike.baidu.com/view/1794100.htm
[40]陈卫军.网络监控技术的研究与应用[D],华东师范大学,2007.
[41]严蔚敏.数据结构(C语言版)[M].北京:清华大学出版社.2006.
[42] D.E.Knuth,J.H.Morris,V.R.Pratt.Fast Pattern Matching in Strings. SIAM Journal on Computing,1977(6),pp.323-350
[43] R.S.Boyer,J.S.Moore.A fast string searching algorithm. Communications of the ACM,pp.767-772,1977.
[44]巫喜红.几种模式匹配算法的效率分析[J],大庆师范学院学报,2007,27(2):50-52.
[45]潘金贵.现代计算机常用数据结构和算法.南京:南京大学出版社.1994,pp.595-596
[46] A.C.Yao. The Complexity of Pattern Matching for a Random String, SIAM Journal on Computing,1979,8(3)vol.8,no.3,1979,pp.368-387.
[47]谭献海.网络编程技术及应用[M].北京:清华大学出版社,2006
[48]王艳平.Windows网络与通信程序设计(第2版)[M].北京:人民邮电出版社.2009.
[49] W.R.Stevens著.范建华等译.TCP/IP详解卷1:协议[M].北京:机械工业出版社.2003.
[50] RFC2045 - Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies,http://www.ietf.org/rfc/rfc2045.txt