本文選題：信息安全　切入點：屏幕圖像錄制　出處：《電子科技大學(xué)》2014年碩士論文

【摘要】：隨著計算機(jī)網(wǎng)絡(luò)與辦公自動化的高速發(fā)展,企業(yè)中的信息傳遞越來越依賴于計算機(jī)網(wǎng)絡(luò),當(dāng)企業(yè)在享受計算機(jī)網(wǎng)絡(luò)與各種辦公系統(tǒng)帶來的便利的同時,信息安全隱患也隨之而來,特別是企業(yè)內(nèi)部重要信息的泄露給企業(yè)帶來的損失無法估量,因此,如何防范企業(yè)內(nèi)部網(wǎng)絡(luò)機(jī)密數(shù)據(jù)的泄露,是目前非常重要的一個課題。本論文中的企業(yè)內(nèi)網(wǎng)信息安全系統(tǒng)就是一個專門保護(hù)企業(yè)中機(jī)密數(shù)據(jù)信息不被竊取的管理系統(tǒng),目的就是為企業(yè)內(nèi)網(wǎng)中的數(shù)據(jù)信息提供一種實用、可靠的管理方案。論文敘述了信息安全發(fā)展現(xiàn)狀與課題的含義,并對當(dāng)前計算機(jī)網(wǎng)絡(luò)信息安全技術(shù)進(jìn)行了綜述。在對公司的需求進(jìn)行深入分析與研究的基礎(chǔ)上,確立了客戶端/服務(wù)器模式的系統(tǒng)總體架構(gòu),以及論述了系統(tǒng)的設(shè)計思路與運(yùn)作流程,并對系統(tǒng)功能模塊進(jìn)行了劃分。成熟的的開發(fā)思想和面向?qū)ο蟮慕＜夹g(shù)增加了系統(tǒng)的健壯性和可擴(kuò)展性。信息安全系統(tǒng)擁有三大核心策略模塊,分別是屏幕錄制模塊、網(wǎng)絡(luò)監(jiān)聽模塊、移動設(shè)備訪問控制模塊。屏幕錄制模塊利用屏幕圖像抓取與壓縮技術(shù)實現(xiàn)了用戶對計算機(jī)操作詳情的記錄,從而為管理人員提供了直觀的操作行為再現(xiàn),讓其能夠輕而易舉的找出信息泄露源頭;網(wǎng)絡(luò)監(jiān)聽模塊對WinPcap開發(fā)包進(jìn)行了深入研究,讓捕獲網(wǎng)絡(luò)底層數(shù)據(jù)包變得不再困難,接著通過TCP/IP協(xié)議的分層理論對捕獲的數(shù)據(jù)包進(jìn)行簡單的協(xié)議分析,最后實現(xiàn)利用ARP欺騙及時切斷非法入網(wǎng)設(shè)備的連接;移動設(shè)備訪問控制模塊則是利用在Windows NT的內(nèi)核文件系統(tǒng)之上添加一層文件過濾驅(qū)動,用以攔截移動設(shè)備的訪問請求,從而達(dá)到防止企業(yè)機(jī)密信息通過移動設(shè)備拷貝出去。本系統(tǒng)綜合運(yùn)用了圖像處理、網(wǎng)絡(luò)監(jiān)聽、過濾驅(qū)動等多種技術(shù),實現(xiàn)了對企業(yè)內(nèi)網(wǎng)信息安全保護(hù)的作用。系統(tǒng)目前已經(jīng)在公司內(nèi)試運(yùn)行,未見報錯信息,為公司信息安全的保護(hù)起到了不可磨滅的貢獻(xiàn)。
[Abstract]:With the rapid development of computer network and office automation, information transmission in enterprises is more and more dependent on computer network. When enterprises enjoy the convenience brought by computer network and various office systems, The hidden trouble of information security also follows, especially the loss caused by the leakage of the important information inside the enterprise can not be estimated. Therefore, how to prevent the leakage of the confidential data of the internal network of the enterprise, The enterprise intranet information security system in this paper is a management system which specially protects the confidential data information from being stolen in the enterprise. The purpose of this system is to provide a practical method for the data information in the enterprise inner network. This paper describes the development of information security and the meaning of the subject, and summarizes the current computer network information security technology. On the basis of in-depth analysis and research on the company's needs, The system architecture of client / server mode is established, and the design idea and operation flow of the system are discussed. The mature development idea and object-oriented modeling technology increase the robustness and expansibility of the system. The information security system has three core policy modules, which are screen recording module. The screen recording module uses screen image capture and compression technology to realize the user's record of computer operation details, thus providing a visual reappearance of the operation behavior for the manager, the network monitor module, the mobile device access control module, the screen recording module, the screen image capture and the compression technology to realize the user to the computer operation detail record, It makes it easy to find out the source of the information leak; the network monitoring module conducted a deep study of the WinPcap development kit, making it easy to capture the underlying data packets of the network. Then through the stratification theory of TCP/IP protocol, the captured data packet is analyzed simply, and finally, the connection of illegal network equipment is cut off by using ARP spoofing in time. The mobile device access control module uses adding a file filter driver on the kernel file system of Windows NT to intercept the access request of the mobile device. In order to prevent confidential enterprise information from being copied out through mobile devices, this system uses a variety of technologies, such as image processing, network monitoring, filter driver, etc. The system has already run in the company at present, has not reported the wrong information, has played the indelible contribution to the company information security protection.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 ;國務(wù)院要求加快信息領(lǐng)域相關(guān)標(biāo)準(zhǔn)和法律法規(guī)建設(shè) 發(fā)揮標(biāo)準(zhǔn)對產(chǎn)業(yè)支撐作用[J];信息技術(shù)與標(biāo)準(zhǔn)化;2013年11期

2 李凡,劉學(xué)照,盧安,謝四江;WindowsNT內(nèi)核下文件系統(tǒng)過濾驅(qū)動程序開發(fā)[J];華中科技大學(xué)學(xué)報(自然科學(xué)版);2003年01期

3 楊治國,都思丹,高敦堂;穩(wěn)定背景圖像壓縮算法研究[J];計算機(jī)應(yīng)用研究;2002年06期

相關(guān)碩士學(xué)位論文 前1條

1 康芊;基于多Agent的內(nèi)網(wǎng)行為監(jiān)管系統(tǒng)的研究[D];西安電子科技大學(xué);2006年

，

本文編號：1670056