
Winsock 2 SPI Technology-based Internal Network Security Research

Posted on: 2007-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: Q Li
Full Text: PDF
GTID: 2208360185969790
Subject: Computer application technology
Abstract/Summary:
The purpose of this dissertation is to extend traditional firewall technology to defend against attacks that originate inside the internal network. A traditional firewall cannot do this: it is designed to defend against attacks from the external network and treats every host on the internal network as trusted, so it cannot keep those hosts under control. Yet according to statistics, about 70 percent of security incidents are caused by hidden risks inside the internal network. It is therefore especially important to monitor the behavior of computers on the internal network and to defend against attacks by malicious users and unauthorized software.

This paper focuses on using Winsock 2 SPI programming to prevent malicious users and unauthorized programs from sending data to the external network, and to prevent eavesdropping on network packets, so as to avoid data leakage. Working through the standard networking interface used by upper-layer applications, the SPI program can effectively monitor the outbound activity of user programs. It distinguishes the data packets transmitted by networking programs by checking the identity of the computer, the user and the program, and handles them according to a predefined policy. If a computer wants to communicate with other computers on the internal network, it must provide its host identity, program identity and user identity to the SPI filtering program installed on it, because authentication is based on the identities it provides. Only if the computer identity, program identity and user identity are all valid can data packets leave or enter the computer; otherwise they cannot leave or enter it at all. In this way the SPI program protects the internal network at the source of the damage.

The work has three distinguishing features. First, it proposes a new self-discipline method of protecting the internal network at the source of the damage. Second, it uses Winsock 2 SPI programming to implement the design without any modification of upper-layer applications. Third, it uses process anti-kill and scanning techniques to secure the SPI program itself, which greatly strengthens the robustness of the filtering module.
Keywords/Search Tags:inner network, SPI, identity authentication, damage source, self-discipline