Design And Implementation Of Distributed Firewall System In The Host Firewall

With the rapid development of the technology of IT, the corporation network is/becomes popularizing rapidly, and at the same time, the problem of network security becomes more and more important/significant. Distributed firewall (DFW) technology is brought forward to solving this problem. Comparing to Traditional Perimeter Firewall's, DFW's advantages and shortages is analyzed in this paper, then the task and characteristics of the host firewall in DFW is obtained definitely. Our object is to complete a host firewall software which can accomplish the all functions of DFW.The main tasks of the host firewall in DFW are capturing network_packets,receiving security policies,sending logs and "heartbeat".At first, the technologies of capturing network_packet are analyzed and their advantages and shortages are compared in this paper, then SPI HOOK and NDIS HOOK are adopted to implement capturing network_packet . Secondly, based on the necessary of the topology of DFW, a scheme of "heartbeat" is designed and software is realized.Basing on above design, the software design in Windows 2000 is accomplished. Implementing SPI HOOK is sample but not all network_packet pass Socket, so capturing all network_packets is not possible. NDIS HOOK implements in kernel mode, this technology can capture all network_packet. Combining the two technologies make capturing all datagram is possible, which make network more safety. In host firewall, application, dynamic link libraries and driver exchange information such as security policies so continually that host becomes inefficient. To solve this problem, an effective method is given in this paper.In a host, host need receive some types of data include host firewall's security policy, host intrusion detection's security policy and renewed "heart beat". In order to utilizing resource of host effectively, a solution is given in this paper. Host's logs which are sended to Log Server include firewall's intrusion detection's logs. To make logs sended to Log Server normally, a technical approach is provided which make Log Sever's load and network throughput more rational. Host firewall coform with distributed firewall to debug after debugging independently. The result of debug show that the functions and stability of product sample have achieved our goal of designation.