The Design And Implementation Of Capture And Analysis Modules Based On DPI In Firewall System

At the time of the ever-increasing development of enterprise information security management, finding a way to protect the security of enterprise networks is becoming more and more urgent to industry decision-makers. The enterprise firewall provides a solution to this problem. Unlike a personal firewall, enterprise firewall manages the overall enterprise information security from the perspective of the network as a whole rather than by fighting alone in a single device. Nevertheless, the enterprise network is facing new threats which are caused by substantial progress in the mobile Internet of which the mobile devices are bringing security risks to the enterprise, because the introduction of wireless network technology to the existing wired network technologies have brought tremendous vulnerabilities.Currently firewall solutions for enterprise mobile network is slowly taking their marketplace, which the enterprise network security challenges to, are bringing opportunities to the mobile network firewall industries. WSG(Wireless Security Gateway) was created in this scenario by Trend Micro Corp. This project is aimed to managing enterprise wireless access, capturing network stream to analyse current situation by using DPI(Deep Packet Inspection) technology, controlling devices’ access if needed. WSG is divided into capture module, analyse module, integration module and web service module.This article describes the design and implementation of the wireless firewall product: Trend Micro’s WSG. And this article will show requirements engineering point of view of the WSG modules, and describe the details of the design. The implementation section in this article discusses the basic principles of analysis module’s design based on DPI technology, the capture module’s design and implementation, and how to design the most effective network security analysis module based on DPI technology. The analyse module part will discuss the four major parts of analyzing and how to implement them by event-driven processes, and then introduce the database tables and SQL queries that implement the log-quering part of analyse module.