Thesis information

Chinese title:

 内网主机行为监管和审计系统设计与实现

Name:

 Chen Guangming (陈光明)

Student ID:

 10082073

Confidentiality level:

 Public

Thesis language:

 chi

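Discipline code:

 081202

Discipline name:

 Computer Software and Theory

University:

 Xidian University (西安电子科技大学)

School:

 School of Software

Major:

 Software Engineering

First supervisor:

 Hu Jianwei (胡建伟)

First supervisor's affiliation:

 Xidian University (西安电子科技大学)

Second supervisor:

 Hong Peng (洪鹏)

Completion date:

 2012-06-10

Defense date:

 2012-06-10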

English title:

 Design and Implementation of Security Monitoring and Audit System for Intranet Host’s Behavior

Keywords (translated from Chinese):

 security audit; device management; behavior monitoring; security log

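Abstract (translated from Chinese):
With the continuous development of computer technology, computer networks have become an important carrier of national economic development and cultural exchange, and network security problems are receiving more and more attention. The thesis first studies the technologies related to intranet security auditing, introduces the concepts of information security and network security auditing and the state of research in China and abroad, analyzes existing systems, and compares security auditing with other network security technologies. From an analysis of the security requirements of a security audit system, it proposes an overall framework for an intranet host behavior monitoring and audit system, analyzes the system's functional modules as a whole, and presents the overall design in terms of the system architecture and the overall functional modules. It then focuses on device management, network share monitoring, removable storage device authentication and log auditing in the intranet host behavior monitoring and audit system. The device management module distinguishes the various devices of a host in detail, which makes effective management of each device possible; network share monitoring is an SMB-based module for recording network access behavior, which obtains the corresponding data by analyzing and recording access to shared resources; removable storage device authentication builds on device management to provide fine-grained authentication and management of internal storage media; log auditing produces effective audit records after an agent collects and analyzes host behavior information by category. Finally, functional and performance tests were carried out on the system, and the test results meet the expected design requirements.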
English abstract:
As computer network technology develops ever more rapidly, it has become an important carrier of a country's economic and cultural development and an essential tool for people's communication. Along with the high dependence on networks, network security, whose issues mainly come from the internal network, becomes more and more important. This paper mainly studies distributed security audit techniques, as follows. Firstly, the concepts of information security, syslog and audit are introduced, and the present state of research on network security is discussed. Different security techniques are compared and analyzed. In particular, the security issues of the internal network are described and a corresponding security framework is designed, which includes several security models that each address a different security inefficiency. Secondly, the main idea of this paper is to design a security audit system that combines access control of users and devices, network behavior control, and host security audit. The device management module can recognize and control 1394 devices, infrared communication devices, parallel port devices, public mobile memory devices (USB) and some newly added devices. The network share module is used to monitor the network neighborhood, which is implemented by the NETBIOS protocol. The monitored objects include every protocol element and command, with emphasis on access control for all shared resources. The mobile storage device management module is presented and designed separately to illustrate its important role in modern networks, given how widely such devices are used. This module is designed for fine-grained control of storage devices. The work department's mobile memory devices can be used normally in the controlled secure area, while employees have no authority. Meanwhile, the audit system records the power on/off of every controlled computer in the network and every detail of the local documents and files of every controlled computer, such as additions, modifications and so on. The sampling, storage and analysis functions for audit data are also researched. Finally, the system function test is given to verify the efficiency of the technical solution.
Chinese Library Classification number:

 11

Library holdings number:

 11-19560

Open access date:

 2015-09-13
