Design And Realization Of The Application-level Firewall Based Windows₂000

The firewall can carry out the network interview strategy,and it is an important way to ensure the network security.However,the traditional firewall technique concentrate on how to keep away the exterior network's inbreak and offensive to the internal network. And the research of how to control the internal customer to interview the outward network is not deep enough, the correlative control techniques are few. It will be certainly affect the network function seriously if simplicity depends on traditional firewall techniques of wrap filter. This text begin from the actual demand of Kunshan Development Zone Administrative Committ,and empolder the suitable firewall software for our own.Different from the traditional filter wrap of the firewall technique,this thesis starts with the application-level gateways technique,going deep into the discuss about making use of the Winsock 2 SPI to carry on the problem of controlling the contents visit of the network,and introduces the design of the Information Network firewall, implement and test conditions in details. This is a new content of the network safety,in other word,it provides a new way of thinking for the safe technique of network for the developed personnel. The main task and contribute of this thesis are:(1) This thesis firstly goes deeply into the study of the Windows network structure mode:the delaminating structure in the Windows,the relation of the application layer and the core layer,and the two kinds of different work ways of EXE and DLL in the application layer. Aim at the technic traits of Winsock 2,this thesis analyzes the possibility to make the controlling of Winsock 2 SPI carrying out the interview function.(2)This thesis brings forward the general design thoughts of Information Network firewall,that is to make use of substituted system DLL document that intercepts and seize the data to carry on the research and carried out the interview control of the applied procedure,which is carried out according to Winsock 2 SPI personal firewall. Therefore,in the process of design firewall can use our own mature network layer agreement directly and the drive module,simplify the design and make the work satisfy the new request in the fireproofing wall of the application layer.(3)Finally,this thesis have given particular design project,among them including the core network agreement function that receives and dispatches the data on the network. The function about the filter and control of the application layer program,the surveillance of package,inquire about the log,and test the firewall system and analyze the result,validate the rationality and feasibility of foregoing design project.The actual motion indicated that the use of Information Network firewall has promote Kunshan Development Zone Administrative Committ's network service secrity. And the advance of network security capability will inpel the computer system of Kunshan Development Zone Administrative Committ run well. Thus it can improve the control level of development zone.This thesis has practical guiding significance to the empolder of network application under Windows roof,especially to the design and implement of the firewall.