
Design And Realization Of Personal Firewall Working On Windows 2000 Platform

Posted on: 2005-11-24
Degree: Master
Type: Thesis
Country: China
Candidate: X Z Zhang
GTID: 2168360122992997
Subject: Signal and Information Processing
Abstract/Summary:
Nowadays the Internet is unsafe at any moment. When a user's PC is connected to the Internet without any protective measures, it is easily attacked. Windows 2000, which is based on Windows NT technology, is the best OS (operating system) for Internet business. Moreover, Windows is not open source, so network security specialists cannot directly modify or add network protocol code to secure the OS. How to protect a PC that connects to the Internet under Windows 2000 is therefore a problem worth addressing, and the personal firewall described here is designed for this purpose.

At present, the core technology in developing a personal firewall is network packet interception. On the Windows platform, packets are intercepted at two layers: user mode and kernel mode. Several techniques, such as API hooking and the Winsock SPI, are used in user mode, but their fatal flaw is that they are confined to the Winsock layer: many Trojan horses and viruses call TCP/IP directly through TDI instead of Winsock to send and receive data, and against these the user-mode techniques are useless. Kernel mode uses network driver technology. Currently, most personal firewalls use NDIS hook drivers. However, NDIS hooking depends heavily on the platform, so developers must detect the OS version in order to use certain undocumented structures. As a result, developers have to work out the detailed definitions of these structures with various debugging tools, which is complicated and error-prone.

The personal firewall discussed here is developed using a TDI filter driver and an NDIS intermediate driver. The TDI filter driver can obtain detailed information about the process accessing the network and intercept the low-level protocol packets of the network protocol stack, so it can intercept most Trojan horses and backdoor viruses. The NDIS intermediate driver works at the data link layer, where the unit of data is the frame; this widens the filtering range, so that not only IP packets but also other kinds of packets are intercepted. In addition, NDIS intermediate drivers are widely applied in many other areas, such as VPN, NAT and VLAN. In the future, personal firewall technology will integrate with other security technologies to produce more powerful network security products. The NDIS intermediate driver, being very capable, can implement many additional personal firewall functions, which is the trend in personal firewall technology.

Packet filtering is also an emphasis in developing a personal firewall. This paper presents a rule-based filtering algorithm that includes a layered framework.
Keywords/Search Tags: personal firewall, data package interception, layered framework