Auditing system and method for shared file operation in local area network

Abstract

The invention discloses an auditing system for shared file operation in a local area network. The auditing system comprises a plurality of terminals and a record storage server. Each terminal comprises a middle layer network driver module, a file filter driver module and a shared file record processor. The invention additionally discloses an auditing method by using the system. The auditing system and the auditing method are simple, high-efficiency and easy to integrate. During auditing, the middle layer network driver module and the file filter driver module respectively intercept and capture a shared access server message block (SMB) packet and an I/O request packet (IRP) for file operation, and record the operation information of the shared file; and the shared file record processor generates detailed shared file operation auditing records according to the information and terminal login usernames and reports the records to the record storage server. Therefore, an intranet administrator can easily administrate the shared file operation.

Description

technical field [0001] The invention relates to an audit system for shared file operation in a local area network. The present invention also relates to an audit method based on the above system. Background technique [0002] In the intranet of the enterprise, some public servers are often configured to allow internal employees to share access, and file sharing is often used among employees, especially in enterprises that disable peripherals and implement paperless office , the advantages of simplicity and high efficiency of this method are more prominent. However, file sharing will also bring troubles to the management of the intranet, especially when there are a large number of personal computers, it is easy for internal users to illegally set confidential files as shared and fail to set sharing permissions, resulting in confidential information leakage In addition, some employees may tamper with files on the server or maliciously upload Trojan horse viruses to the serve...

AI Technical Summary

Problems solved by technology

There are three main problems in the domain policy method. First, the enterprise must be configured with a domain, and all internal users must join the domain. For those users who have not set up a domain server or have not joined the domain, they cannot manage; The information of policy audit shared file operation is relatively simple, and it is impossible to track and locate the responsible person; third, it cannot be integrated with other intranet management systems to form an integrated intranet security protection system

The file filtering driver method is to install the file filtering driver on the target terminal, monitor the local shared file operation, and record the audit information for management. This method can only monitor what operations the terminal user has done, and cannot obtain the IP address of the remote terminal ( Internet Protocol Address, Internet Protocol Address) and MAC (Media Access Control, Media Access Control) address and other information, therefore, intranet administrators also cannot trace the access operations of remote terminals

Images