The Research And Realization Of The Firewall Based On SPI

With Internet and personal computers becoming popular, information security is concerned by more and more people.Global computer information system is threatened by a lagre kinds of hackers ,Trojan Horses and viruses seriously,in which personal computers are most easily attacked.The insecurity of personal computers will bring the users immeasurable economical loss. From some sense, the security threat of personal computers prevents the electronical business from developing further. So it is urged to keep personal computers safe. Windows is the most popular operating system on personal computers. For it is not a secure operating system and there are many leaks in it, it is important to develop secure software for this operating system. The main research of the paper is one of Windows network security technologies, that is to say, firewall technology.The interception of network datagram is one of the kernel technologies to be solved to every personal firewall. WinSock 2 SPI technology can intercept datagrams in application layer, which are sent or received by the call to WinSock 2 API. In addition , some information of the progress which the datagram belongs to can be got. But we can't intercept a non TCP/IP datagram if we use SPI only. Moreover, some Trojan Horses and attacks of hacker can avod SPI. IMD can intercept almost all datagrams. But IMD works at kernel layer, so it is not easy to get the information of the progress about the datagram. This firewall system makes use of the two methods. Therefore, it not only can get the application layer information about the datagram, but also can intercept the datagrams that can't be intercepted by SPI only. It is a new useful try for Windows personal firewall.In recent years, there are many institutes which research and develop personal firewall systems on Windows, In comparison with them, this firewall system has two advantages, one is it can filter packets in both application layer and kernel layer, the other is it provides a senior function that resolves and displays the packets at kernel layer. This firewall system bases on Windows XP operating system. The main developing tools include VC++ 6.0,SDK and DDK. The main debug tools include DebugViewEx and SOFTICE. After system design, code and test, the firewall can run successfully on Windows 2000 and the later version Windows. The firewall provides the user a good interface. It provides a perfect log system, too. The memory and CPU consumed is relative small when the firewall is running. The test results show that the firewall can prevent attacks of hackers and Trojan Horses effectively.