Abstract
By collecting and analyzing information from several key points in a computer network, a network monitoring system can monitor the network without affecting its performance, checking for behavior that violates the security policy and for signs of attack. Once such activity is detected, the system responds automatically, thereby providing protection against internal attacks, external attacks and operator error, and supplying evidence for investigation and forensics by the security department. This paper describes in detail the design and implementation of the network monitoring system NetMonitor. Compared with existing network-based monitoring systems of the same kind, its carefully designed data structures and processing flow allow it not only to work well on low-speed networks (10M/100Mbps) but also to deliver good performance on high-speed networks (1000Mbps).
Source
Microcomputer Development (《微机发展》)
2004, No. 3, pp. 120-122 (3 pages)