摘要
针对内网嗅探、网络途径主动泄密等威胁,为提高内网通信过程中数据的保密性,设计并实现了一种安全通信组件。组件在Windows系统内核层以网络过滤驱动的形式实现,可嵌入NDIS体系。在终端通信过程中,该组件自动协商会话密钥,对数据链路层数据包执行加解密操作,实现过程对终端用户透明。试验结果显示,该组件能够实现终端保密通信,抵御内网嗅探和防止主动泄密,提高Windows系统的通信安全性,达到预期目的。
To avoid such threats as sniff attack or divulging secrets on purpose through network,and improve the data security in the process of communication in Intranet, the paper designs and implements a kind of component. The component is designed as the form of network filter driver in the kernel level of windows,which can be well embedded in NDIS architecture. In the process of communication between the terminals in Intranet,the components negotiate the session key automatically and use it to encrypt or decrypt the data link layer packets and the entire procedure is transparent to the user. The result of experiment show that the terminals which have loaded the component can communicate each other secretly and prevent the network sniff attack or the inside from divulging secrets on purpose through network, which improves the security of windows as expected.
出处
《现代电子技术》
2008年第17期76-79,共4页
Modern Electronics Technique
