| It is very popular to protect our personal computers by personal firewalls. But owing to their simple functions and poor control abilities to data transfer, the personal firewalls have not played important roles in the network security area. To change such state, we must use new technology to improve the personal firewalls, which makes them run faster and have more powerful control ability to communication. With high running speed, the personal firewall processes will not bring system to run slow.This thesis tries to enhance the personal firewall from two aspects. Firstly, intermediate driver is used to catch and filter the packets; secondly, the stream-filtering . is used in the personal firewall architecture. Intermediate driver is one sort of the drivers that are supported by the NDIS management library of Windows system with NT core. If it is inserted between the NIC card driver and the transport driver, it will behave as a virtual Miniport to its upper edge, and as a Protocol to its lower edge. After doing so, all the packets outward and inward NIC will be captured and transferred.Stream-filtering is a new technology different from traditional packet-filtering, status check and application proxy. It has the ability to control the data communication in all layers of the TCP/IP architecture, but it works in the data link layer and network layer. This thesis tries to combine stream-filtering and intermediate driver technology. At first, we use the intermediate driver to.catch the packet and use shared memory to send the packet to the stream-filtering module; Then, thestream-filtering module reassembles the IP fragments into IP packet; At last, for the connected TCP, it will be filtered according to keywords after one or several TCP segments are reassembled into one complete command, acknowledgement or data.The thesis designs the whole project by combining the two technologies, and implements some of functions and does some experiments.
|
PDF Full Text Request