With The Design And Realization Of State Filtering Host Firewall

With the rapid development of Internet, more and more ordinary network users connect to it. While people enjoy the convenience and great efficiency brought by the Internet, their computers are continually suffered from hackers'attacks and inbreaks. So, the security-protection technology for PC has become the focus of research field of current network security. At the present time, the security-protection for PC mainly adapts host firewall system implemented by isolated technology in the market,which prevents it from meeting user's demands for overall security. In consideration of the Windows OS being the major operation system of users nowadays, The paper mainly aims at,under Windows 2000 ,exploiting NDIS intermediate drivers to intercept all packets which communicate with the user's computer and employing security strategy rules and packet stateful filtering mechanism to implement user host firewall system. Firstly, this paper introduces the firewall technology and other technology relating to the topic, expounds the network protocol architecture of Windows, research many kinds of network packet intercepting technology, analysis their merits and shortcomings. Secondly, we expound the system design thinking and objective of personal host firewall, and adopt NDIS intermediate drivers to implement the network packet interception, and portray the framework of the project as well as the design of function of each module. Finally, we expatiate the design and implementation of the core modules (including packet intercepting module, packet parsing module and packet filtering module) as well as some relevant modules. We put the focus on the structure and core implementation of the NDIS intermediate drivers, illustrating how to realize an effective protection by different filtering mechanism according to analysis on packet feature against different protocol. The paper explores the NDIS intermediate drivers based packet interception technology and the packet stateful filtering technology, serving as a foundation for development and improvement of the host firewall system in the future, and shows a remarkable significance.