
A Packet Filtering Firewall Based On SPI And NDIS HOOK

Posted on: 2008-11-29
Degree: Master
Type: Thesis
Country: China
Candidate: X Li
Full Text: PDF
GTID: 2178360212484977
Subject: Software engineering
Abstract/Summary:
With the rapid development of network technology, network security has become an increasingly prominent concern. Hackers and viruses cause enormous damage to Internet users every year, so personal firewalls have broad prospects for application. Personal firewalls are generally implemented with packet filtering, a cheap, effective and widely used technique that applies no special handling to individual network services.

There are many kinds of packet filtering firewall. Some filter packets at the application layer. This shortens the development cycle and is easier to implement; such firewalls also use less CPU and can obtain detailed process information. Their weaknesses are just as clear: they cannot capture all packets, their security is lower, and they make network usage much less efficient. Other firewalls work at the NDIS layer, where they can filter all packets, and their security is better. But because they work at a comparatively lower layer, their development cycle is longer.

Combining the above analysis, and building on the security of the NDIS layer and the simple design of the SPI layer, this system implements a firewall by hooking at both layers. It can capture and parse all packets at the NDIS layer, and in particular it filters packets that do not pass through the SPI layer. At the SPI layer it can also filter packets exchanged through sockets. The system therefore spans four network layers: the application layer, the network layer, the transport layer and the link layer. Memory sharing is one of the difficult points the design has to address.

By restricting website access, applications, ICMP and Network Neighborhood access, the system protects the data on the user's computer to the greatest possible degree. Firewalls currently on the market usually emphasize security, but they have limitations in packet processing speed and system resource usage. For the great majority of personal computer users, system response time is, to a certain degree, more important than security. This system has good extensibility and relatively high speed, and it is a firewall that deserves trust.
Keywords/Search Tags:Firewall, Packet Filtering, SPI, NDIS