Based On The Design Of The Windows Personal Firewall

Posted on: 2011-09-08
Degree: Master
Type: Thesis
Country: China
Candidate: N Yang
GTID: 2208330335998110
Subject: Software engineering

Abstract/Summary:
With the development of computer technology and the spread of the Internet, network security has become an important problem that every network user must consider. Network security problems usually bring serious consequences. As more and more personal computers connect to the Internet, attacks on and intrusions into these computers are increasing quickly, which is due to more and more wiretapping. A personal firewall is an efficient way to protect personal computers. I designed a personal firewall for this purpose.

The core technology in current personal firewall development is network packet interception. On Windows, network packets can be intercepted at two levels: user mode and kernel mode. In user mode, techniques such as API hooking and the Winsock SPI can be adopted. But the most fatal flaw of these techniques is that they operate only at the Winsock layer: some viruses and Trojan programs easily bypass Winsock and call TDI directly to send and receive data over TCP/IP, and against them these techniques are helpless. Kernel mode mainly relies on network driver technology. Currently most personal firewalls use kernel-mode NDIS hook driver programming techniques, but this technique is heavily platform dependent: the program has to determine the operating system version and use structure definitions that are undocumented for some versions. Developers therefore have to use all sorts of debugging tools to work out how these structures are defined, which is tedious and error-prone.

This system is developed using a kernel-mode TDI filter driver and an NDIS intermediate filter driver. A TDI filter driver can obtain detailed information about the process accessing the network and intercepts packets at the network protocol stack layer, so it can easily intercept backdoor Trojans and some. The NDIS intermediate driver works at the data link layer, and what it intercepts are data link frames. So it can intercept not only IP packets but also non-IP packets, which expands the scope of packet filtering. A personal firewall developed with this technology is more secure.

The thesis describes how to design and implement a network firewall based on the Windows system. It introduces network data capture and filtering technologies, including Winsock Layered Service Provider (LSP), Windows packet filter interface, TDI Filter Driver, NDIS Intermediate Driver, Windows Filter-Hook Driver and NDIS Hook Driver. It focuses on the IMD and LSP technologies. Furthermore, the thesis puts the theory into practice by developing a software firewall that uses double filtering, meaning that network data packets are filtered at both the kernel layer and the application layer. In addition, the system applies data mining technology to its database, feeding the logs back for analysis in order to identify potential threats and optimize the firewall rules.
Keywords/Search Tags: Data mining, Network, Firewall, Winsock 2 SPI, TCP/IP, SOCKET, Filteri