Network security monitoring system. +CD

number: 1876
English
department: 
Degree: 
Imprint: 
Computer Science
Author: Zainab Hyder Ameen Al-Essa
Supervisor: Dr. Loay E. George
year: 2008

Abstract:

This research is concerned with the design and implementation of a network security monitoring system. The focus is on monitoring shared network resources (specifically the filing system). In this work, the layers of the TCP/IP suite were studied and their roles in the process of network monitoring were defined; it was found that the internet layer can play the major role. Also, in this project a filing index system to index the files of network resources was built. The established monitoring system is composed of two major units (i.e., monitoring and administration units). The monitoring unit works on the client side; it monitors all users' accesses to network resources by capturing the IP packets, and then analyzes, filters, and assesses their security aspects. Finally, it saves some of the extracted parts of the IP packets in a database. The administration unit works on the server side; it is used for indexing the network resources (i.e., shared files and folders). This unit permits the administrator to assign some available rules to manage the users' accesses. Finally, reports can be produced by merging the outputs of both units (monitoring and administration). The registered information about the captured packets is compared with the assigned access rules for each subject to produce the periodic reports. The results of the conducted tests indicate that the stage of filtering out the unnecessary packets is very important. If the monitoring unit considers only the relevant packets, then the performance of the system increases and remains stable even when there is a high network traffic load. The proposed monitoring system has been established using Windows API functions with Microsoft Visual Basic 6.0.