Research And Practice On Transparent Model And Stream Filter Technology In Firewall

Transparent model and stream filter technology of firewall are discussed in this essay.Many networks were built without considering security problems, but security is important today. Firewall is the most effective means to keep network safe. How to set firewall in a network simply and cheaply without changing network structure is put forward before corporations. Firewall can be divided into two kinds of transparent model and anti_transparent in light of whether the way to put into network is transparent. Transparent model firewall has more advantages than anti_transparent firewall by comparison.Traditional firewalls are anti_transparent. These two years transparent firewall products appear. There are two methods to realize transparent model firewall that are bridge model and ARP transparent agency together with forward tactics. Both have some drawbacks. Theoretical source of transparent model' s advantages is discussed, and then solutions of its key technology, last a programming realization-setting network card promsic to receive packets, keeping MAC address, and checking packets base MAC frame to realize transparent model in IP protocol rebuilding.The key technologies of firewall are packet filter and application proxy both of which can' t keep in step with network attack development. As a new firewall structure stream filter overcomes many defects of packet filter and application proxy firewall, together with both advantages improving the anti_attack ability.Base investigation, at present only "DongRuan" Com. Realize stream filter technology in its "NetEye" which isn' t completely transparent for application protocol as publicity, and technical details are considered commerce secret. Through research of TCP protocol, application protocol and TCP datagram network application transmission course, a completely transparent solution of stream filter is provided. Assorting TCP datagram into four sorts to finish capture, rebuilding, check and forward of the sort of TCP block data stream transparently, and packet filter of the residual datagrams. The core is building special TCP , which is different from TCP realizing in usual operating system base RFC.In summary, research and realization of transparent model and stream filter technology are done in this essay. Transparent model realization built in IP rebuilding, one course of rebuild, check and forward of IP data gram base MAC frame and under united structure, and the method to realize stream filter base TCP datagram assorting management and special protocol rebuilding, and TCP datagram rebuilding have nothing to do with application protocol completely transparent for application have some innovations. Experimentations display that the projects are executable and reach the prospective aim.