Design, Hybrid Firewall Based On Network Layer And User Layer

Posted on: 2009-08-11
Degree: Master
Type: Thesis
Country: China
Candidate: X J Liang
GTID: 2208360275983433
Subject: Software engineering
Abstract/Summary:
With the development of the Internet, people attach more and more importance to the security of information on the Internet. Among the common methods of Internet protection, the firewall plays an important role in protecting information security. This thesis concerns personal firewalls on Windows, which can be implemented with a number of techniques, such as TDI, NDIS hooking, SPI, and NDIS intermediate drivers. Of these, NDIS is the most popular. Because the NDIS technique is implemented in a low layer of Windows and sits at the data link layer of the network, it can filter all kinds of data packets and runs stably. But implementing this technique is so complicated that it is hard to develop different kinds of filters quickly, and filtering the payload of Internet data packets at this layer noticeably affects system efficiency.

To address both the completeness of filtering and the efficiency and stability of the system, we design and implement a multilayer filtering firewall in this thesis. It mainly consists of two parts: one is a multilayer filtering framework based on the SPI and NDIS techniques; the other is a firewall instance built on that framework. This firewall combines the SPI technique in the user layer with NDIS in the kernel layer. It can filter on IP address, on packet headers of the TCP and UDP protocols, on the ping command of the ICMP protocol, and on the payload of Internet data packets.

The thesis is divided into three parts. Part I is the framework design. It first introduces the basic theory of firewalls and the types of firewalls, then proposes the multilayer filtering framework based on SPI and NDIS. Following the framework, it describes in detail the function of each part of the firewall instance. Part II covers the firewall development. The development uses the SPI technique in the session layer and an NDIS intermediate driver, so that it filters Internet data packets effectively and gives very good protection. Part III covers firewall testing. It describes the testing and the work that remains to be improved.
Keywords/Search Tags: Intermediate Drivers, Service Provider Interface, Packet classification