Research Of Network Isolator Based On Dual FIFO

Followed the development of computer network technology, computer network applications are increasingly concerned by the majority of users, there has also been increasingly prominent and dangerous of the computer systems on the network security issues. Network intrusion and attacks, not only cause huge economic losses but also endanger national security and social stability, a variety of methods for network threats also came into being. Generally used a firewall, intrusion detection systems and other safety measures, but these techniques are based on the protection of software and still has many loopholes nowerdays, so they can not guarantee their virus attacks. Therefore, the best way is to distribute important data which contains the user's network and external network ,the user can isolate access information and the information can not get from the Internet, so that the virus can not invade.This paper presents a network isolation system network based on the a double FIFO buffer and FPGA technology . The whole process is completed by the Nios II processor core using FPGA hardware IP modules, system's delay is relatively small,and the speed is faster. Since in the data exchange process, the external and internal network is not directly connected, all the data exchange through the network security isolation devices, largely to avoid the internal private network being attacked by the invasion of the packet from the external network malicious code.For the system more secure and efficient, the network data packet filtering module is also added to this isolation system, we can use the control unit of the system to extract the packet header information of the packet entering the system,104 bits of information including the source IP address, destination IP address, source port, destination port and protocol type is sent to the the appropriate filtering unit by the header information distribution unit. Finally, the system judges the results of the filtering unit and determines whether the packet can enter the internal network based on the rules pre-judged by the system.The packet filtering hardware algorithms presented in this article takes advantage of the parallelism of FPGA.By the data packet filtering hardware algorithm the filtering speed is highly improved, and it prevents unwanted data packets into the system, it makes the system more efficient and secure.