Research And Implementation On The Miniature Embedded Safety Gateway

Posted on: 2008-02-22
Degree: Master
Type: Thesis
Country: China
Candidate: M Yang
Full Text: PDF
GTID: 2178360242472266
Subject: Communication and Information System
Abstract/Summary:
In this thesis, we study porting embedded Linux, firewalls based on embedded Linux, and defense against Distributed Denial of Service (DDoS) attacks. We present a miniature embedded safety gateway that supports several kinds of connection modes with the Internet and integrates many advanced firewall technologies, such as packet filtering, state inspection, logging, and network address translation. The open source code and convenient usability of embedded Linux greatly drive research on security techniques and the development of security products based on embedded Linux. The development of embedded technology is discussed, and the procedures for customizing an embedded Linux system are described. Next, the thesis analyzes how netfilter, the kernel-level component of the Linux firewall, implements firewall functions, and abstracts its important data structures and data flow. Based on this, a state inspection packet filtering system is proposed, in which the state inspection function is added to the original packet filter mechanism in the Linux OS. Network address translation based on state inspection is then implemented. The simple packet filter mechanism works fast, but it has security problems. Although the state inspection mechanism works securely, it is limited by memory size and may not meet demand when a large number of clients connect. State inspection packet filtering can obtain more security-relevant information. We can therefore make full use of the advantages of the two firewall technologies and avoid the disadvantages of the original packet filtering system, and the security policy can be simplified. Firewalls have drawbacks in defending against DDoS attacks. Therefore, a defense mechanism that meets the requirements and protects against DDoS attacks effectively is designed. In particular, a key detection algorithm for SYN Flood is analyzed and improved. Finally, the author has tested the firewall script for efficiency and security. The actual test process and the solutions to the problems encountered are presented in detail. The tests show that this script provides a high degree of security and flexibility. The expected requirements have been fulfilled.
Keywords/Search Tags:Safety Gateway, Embedded Linux, Netfilter, State inspection, DDoS