| Because the traditional firewall believes that the exterior network could protect the inner network, so when people set down the security strategies, they always make different filtering rules to exterior network and inner network. But in the recent several years the network attack from inner network increased a lot, the traditional border firewall couldn't resist this kind of attack, so the host firewall seems to be very important. In my thesis I analyze all sorts of technology of host firewall, after compare them to each other, I make some improvement on the traditional packets filtering firewall, combined with the essence and need of network security, finally I propose one packets filtering firewall system design plan based on the technology and experiment we could use. That is to design a host firewall staying in the inner network terminal. It spreads the firewall to the terminal of inner network so as to protect inner network from invalid visiting and malice damage.The firewall that designed in the thesis is based on stateful packets filtering, that is to filter the data packets which come from inner network terminal according to the protocol types , source and destination IP address, TCP and UDP port numbers, then get balance between resource saving and network security. The filtering rules of firewall could add and delete by administrator according to needs. Packets filtering work was controlled by control platform which is... |
PDF Full Text Request