| With the rapid development of the Internet and the popularity of network applications, computer networks have become an indispensable part of life. In recent years the Internet has grown at an alarming rate worldwide and has had extensive influence in all areas of daily life. However, the development of the Internet has also made the security of network systems an increasingly prominent problem. Vulnerabilities in computer systems constitute a direct threat to those systems; for network systems in particular, the threat is more complex and has a greater impact on social and economic life. Because the Internet is widely used as a communication platform, its security problems have also attracted widespread concern. The firewall is an important preventive measure in network security; it is usually deployed as a gateway between the Internet and the intranet, while ignoring potential threats from inside the internal network. Because Windows has the largest user base of any operating system in the world, it has naturally become the main subject of research on internal network security. Computer system security is a very complex subject. As computers have come into daily use and information sharing and data communication have become possible, computer viruses are constantly being produced and spread, and the computer network has become a common channel through which criminals intrude on users. To ensure the healthy development of the network, a number of issues, such as data being accessed and private information being leaked, have to be addressed. A number of security technologies and products have therefore emerged that provide security in various respects. These products include firewalls, secure routers, authentication systems, virtual private network devices, intrusion detection systems, network and system security analysis systems, and so on.
Wide-area computer networks, with their distributed and open architecture, resource sharing and shared channels, inevitably bring vulnerability to the system, so information security has become increasingly prominent. As the primary means of implementing network security policy, firewalls are widely used in building Internet/Intranet networks. From the perspective of application, firewalls can be divided into two types: corporate firewalls and personal firewalls. The early firewall products on the market were corporate firewalls. These products protect the entire network and address the security issues of interconnecting the internal network with the Internet. Although they are quite powerful, they rest on the assumption that the internal network is secure and all threats come from the external network, so they only "guard against the outside, not the inside", and it is difficult for them to secure communication between hosts within the LAN. The biggest difference between a corporate firewall and a personal firewall is that the personal firewall protects a single computer, which helps secure the communication of each individual host. This is why students who access the Internet through a campus network (on which a corporate firewall is installed) generally also install a personal firewall on their own computers. The analysis and study of personal firewalls on the Windows operating system therefore has high practical significance. Personal firewalls developed along with the spread of the Internet and the PC. Personal firewall technology has developed more slowly than traditional perimeter firewalls. Perimeter firewall technology has gone through three stages: packet-filtering firewalls, proxy-based firewalls, and firewalls based on stateful inspection; coupled with intrusion detection, log auditing and virtual private networks, the whole is very powerful. Personal firewalls, by contrast, still rely mainly on filtering by application, and their security features are very limited.
Some personal firewalls also incorporate application-proxy functions, with filters designed for specific applications. The AtGuard personal firewall, for example, in addition to providing general firewall features, adds powerful extensions for Web applications, such as site filtering and privacy protection. With these, users can filter advertisements automatically, define their own new filtering conditions, and view all current network connections and data traffic, among many other distinctive features. Research on and application of firewalls abroad began many years ago; the United States, Britain, Canada, Australia, Japan and other countries attach great importance to the development and deployment of firewalls. In the United States, the Federal Government has set up a Steering Committee that provides guidance on policy, regulations and standards, and network security vendors with technical leadership and visibility are pushing ahead in various application fields. This work starts from current network security issues, briefly introduces the use of firewall technology and points out the importance of the firewall. It focuses on Windows kernel-mode driver design and analyses current network packet interception techniques. On the basis of analysing and comparing the various approaches, it proposes a two-layer packet filtering solution that works at both the application layer and the kernel layer: at the application layer, a DLL developed with Winsock2 SPI technology intercepts Socket-based communication, and at the kernel layer, a driver developed with NDIS hook technology intercepts network packets that do not go through Socket. The personal firewall system is developed according to this design.
By analysing a variety of firewall technologies and how network operating systems work, this work designs personal firewall software for the Windows operating system, introduces the new Winsock Service Provider Interface (SPI) technique for intercepting network packets, and covers the system analysis and the design and implementation of the code. The benefit of this approach is direct access to detailed information about the process calling Winsock, so packets can be intercepted and processed for purposes such as transmission quality control (QoS, Quality of Service), extension of the TCP/IP protocol stack, data stream encryption and network security control. The firewall is implemented at the user level of the operating system and is closely tied to applications; it is easy to develop, the developer need not be concerned with the details of the underlying implementation, and it is relatively transparent. Compared with firewalls implemented at the kernel layer, however, a user-layer firewall has its own flaws: it cannot process packets handled by the lower layers of the network protocol stack. Certain Trojan horses and viruses, for example, cannot be analysed and handled early, so they cannot be blocked effectively and are instead treated as legitimate data. These shortcomings can be made up for by extending the system later according to actual needs. Taking the form of an engineering study, this paper analyses the basic principles of firewall technology with reference to the existing Windows operating system and firewall software. It uses the Winsock2 Service Provider Interface (SPI); SPI is a new programming interface introduced in Windows Sockets 2.0.
Using this technology, code can be inserted at the Socket layer to implement functions such as transmission quality control, extension of the TCP/IP protocol stack, URL filtering and network security control. The system follows a modular design comprising a packet capture module, a packet filtering module, a packet forwarding module and a logging module, and the system code was written in Visual C++ 6.0. |
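
One way the packet filtering and logging modules could decide on a connection at the SPI layer, as an added example (not code from the original system). The rule table, `fw_check`, the process names and the default-deny choice are hypothetical; the code assumes the SPI DLL has already obtained the calling process's image name and the remote IPv4 address and port.

```c
/* Added example: per-application rule check for an SPI-layer filter.
   All names, rules and sample values are hypothetical/constructed. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { FW_DENY = 0, FW_ALLOW = 1 } fw_action;

typedef struct {
    const char *process;        /* image name; "*" matches any process */
    uint32_t    net, mask;      /* remote IPv4 network/mask, host byte order */
    uint16_t    port_lo, port_hi;
    fw_action   action;
} fw_rule;

/* Constructed policy; the first matching rule wins. */
static const fw_rule RULES[] = {
    { "*",           0x00000000u, 0x00000000u, 23,  23,    FW_DENY  }, /* no telnet */
    { "browser.exe", 0x00000000u, 0x00000000u, 443, 443,   FW_ALLOW },
    { "*",           0xC0A80100u, 0xFFFFFF00u, 1,   65535, FW_ALLOW }, /* 192.168.1.0/24 */
};

/* Windows image names compare case-insensitively. */
static int name_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Filtering module: returns the verdict. Logging module: fills `log`. */
fw_action fw_check(const char *process, uint32_t ip, uint16_t port,
                   char *log, size_t log_len) {
    fw_action act = FW_DENY;    /* assumption: deny when no rule matches */
    int hit = -1;
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const fw_rule *r = &RULES[i];
        if (strcmp(r->process, "*") != 0 && !name_eq(r->process, process)) continue;
        if ((ip & r->mask) != r->net) continue;
        if (port < r->port_lo || port > r->port_hi) continue;
        act = r->action;
        hit = (int)i;
        break;
    }
    snprintf(log, log_len, "%s %s -> %u.%u.%u.%u:%u rule=%d",
             act == FW_ALLOW ? "ALLOW" : "DENY", process,
             (unsigned)(ip >> 24), (unsigned)((ip >> 16) & 255),
             (unsigned)((ip >> 8) & 255), (unsigned)(ip & 255),
             (unsigned)port, hit);
    return act;
}
```

Traffic that never passes through Winsock does not reach a check like this, which is the gap the kernel-layer NDIS hook driver described above is meant to cover.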