Research Of The Firewall Based On Intermediate NDIS And SPI Technology

In recent years, with the development of computer technology, computer network also, developed rapidly, especially, there is a tremendous upswing in Internet technology, the Internet has also become increasingly involved in people's daily work and life. However, the network to bring a newer, faster information sharing, but also brought a lot of security threats to the majority of Internet users. Network security has become an important research topic of domestic and foreign researchers, host firewall as an effective means of effective monitoring of the host network behavior, to protect the host network security, security of a network terminal, has been favored by the network security researchers.Windows system host firewall is the major research object of this paper. It based on firewall filter core packet technology, using the combination of NDIS intermediate layer driven filtering technology and SPI interface filtering technology double filter of the design program, in the text of a hybrid firewall overall architecture design and module planning are described. A collection of their own advantages based on the user mode and kernel mode protection, and it introduces that do the rules and record the log by embedded database, so that the firewall performance greatly improved the efficiency, stability and security. This paper is a useful attempt in security research area.Hybrid firewall bases on the Winsock2library SPI packet filtering technology at the application layer to filter transport layer packet, avoiding the intercepted packet to ask the firewall rules and feedback which frequent switching between kernel mode and user mode to improve CPU utilization; the same time, in order to improve the security of the firewall system to intercept the data directly from the network layer application layer, introduced in the system driver layer packet filtering based on NDIS intermediate driver technology to achieve through the NIC transmission packet intercepted.In this software firewall rules tube control and log records of the management to introduce the idea of database management, will rule tube control and log records of the work referred to the database to manipulate the module handle to avoid the complicated data structure handling and file index structure design work. In this paper, we choose lightweight embedded database:SQLITE database for the firewall.