Research And Application Of Linux Firewall Based On Netfilter

Posted on: 2010-10-28
Degree: Master
Type: Thesis
Country: China
Candidate: J Ding
Full Text: PDF
GTID: 2178360275953256
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, information technology has continuously influenced every aspect of society. This has brought huge economic and social benefits, but it has also brought security risks that cannot be ignored. As an effective way to guarantee network security, the firewall has been widely accepted and used.

Linux, a widely used open source operating system, has excellent network performance and a reliable firewall architecture. More and more users choose Linux as a firewall platform, since its functionality and performance are comparable with those of many commercial firewall products.

This thesis first discusses the concepts of firewall technology and its development history, and analyses the Netfilter framework and its packet filtering process. It then designs and develops an embedded firewall system based on the embedded Linux operating system and the Netfilter firewall architecture.

Many new protocols defined at the application level are based on variable ports and transport data through HTTP port 80, which makes them hard for a traditional packet filtering firewall to identify. This thesis introduces an approach based on regular expression matching to check the contents of packets, and to identify and filter them with iptables.

Denial of service attacks, which send a large number of requests with fake IP addresses to the server, have been very popular in recent years. As the most commonly used network security product, the firewall is not designed with DDoS protection in mind. Because it sits at the entrance of the network, in some cases the firewall even becomes the target of a DDoS attack, resulting in denial of service for the entire network. Building on a study of DDoS attacks and their defence strategies, and especially of the implementation of SYN Cookie in the Linux kernel, this thesis analyses the advantages and defects of that implementation and introduces an improvement to the SYN Cookie mechanism.
Keywords/Search Tags:Network Security, Firewall, Netfilter, DoS, SYN Cookie