| Because hackers attack the personal network users with higher and higher frequency and by more expert means, the security-protection technology, pointing to PC, has become the focus of research field for current network security. As a basic application security technology based on modern communication and information security, firewall is more and more applied in Internet. It is the development direction of present individual security technology to protect PC with various network security technologies.The individual security defense system mentioned in the article is a complex security-protection system which integrates packet filter technology and intrusion detection technology. The researching key point in the paper 15 the design and realization of the packet filter technology in individual security defense system. In this paper , which takes the Course of realization of packet filter subsystem as main thread , author analyzed in-depth all kinds of key technologies in packet filter subsystem that 15 based on personal computer combining the features of windows 2000 platform technology . Author analyzes and compares the advantages and disadvantages of existing packet filter technologies and designed a packet filter model for PC according to leitmotiv of model design. Then author discusses the operating principle of windows 2000 protocols stacks in detail and analyzed the running mechanism of driver of NDIS , on the basis of which author also explicates how to intercept data packets grounded on NDIS driver . Author describes the principles of the packet verification and show the whole process of the verification. In the part of interface technology, author analyzes how to design interface to realize the intrusion detection and feed back the dynamic policies of content filter subsystem. Last, author test the individual security defense system in a LAN which connect to Internet and give the result of the test.In this topic research, has specifically done following several aspects work:1,The reason, the characteristic produces which to the current network security have carried on thoroughly the analysis and the research, especially the main security problem which faces to the present firewall has carried on the careful discussion.2,Described the package to filter the firewall system the overall structure, and according to the function lamination thought, has defined the firewall system each composition level function.3,Thoroughly has studied under the Windows platform network data packet highly effective interception mechanism and the protocol analysis mechanism; In retains the package to filter the system fast, is transparent and so on in the merit foundation, proposed the dynamic network data packet filters model, and basically has realized the firewall function. |
PDF Full Text Request