A firewall is an effective measure for guaranteeing network security. A traditional firewall is inefficient because it performs rule inspection on every data packet. It also has difficulty recognizing a data packet that forges membership in an existing connection. In addition, the traditional firewall offers no defence against security leaks in the operating system. In this thesis, an embedded kernel state inspection firewall is designed; it uses state inspection technology and performs rule inspection only when a connection is being established. For subsequent data packets, the proposed firewall performs state inspection only: if a data packet belongs to an existing connection, no rule inspection is performed; otherwise, a data packet from a different connection is rejected. In this way, the efficiency of packet filtering is greatly improved and the forgery of an existing connection can be effectively prevented. Moreover, the proposed firewall is embedded in the kernel of the Windows 2000/XP operating system, so it can protect both user application programs and the operating system itself. Since a data packet from the network card is released only after it has been inspected, the security of the operating system can be effectively guaranteed. As a result, research on the embedded kernel state inspection firewall is of great importance.

This thesis introduces the current situation and development trend of firewall technology at home and abroad, and analyses the embedded kernel packet capture technology of the Windows 2000/XP operating system. State inspection for connection-oriented TCP packets and for connectionless UDP packets is then discussed and implemented. On this basis, the embedded kernel state inspection firewall system is designed and developed. The system is efficient, convenient and flexible.

Using state inspection technology greatly improves the efficiency of the system. A rule menu lets the user select or delete rules as needed, which improves the convenience, flexibility and pertinence of the firewall system. Moreover, a SYN attack defence algorithm is proposed which dynamically adjusts the timeout value according to the occupancy of the state table; it bounds the number of items in the state table and deletes half-open connection items from it, so that SYN attacks are prevented and the firewall's resistance to SYN attacks is improved. Finally, an experimental comparison between the proposed firewall and a traditional firewall shows that the proposed firewall performs better.
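The state inspection flow and the SYN defence described above, as an added illustrative model in Python (this is not the thesis's own kernel driver code). It assumes an inbound-only 5-tuple state-table key, constructed sample packets, and a linear relation between state-table occupancy and the half-open timeout; the thesis does not specify its adjustment function, so that relation is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Set, Tuple

# Inbound 5-tuple used as the state-table key (an assumption of this model:
# only the inbound direction is inspected, as packets arrive from the NIC).
Key = Tuple[str, str, int, int, str]


@dataclass
class Entry:
    created: float
    last_seen: float
    established: bool  # False = TCP half-open: SYN seen, handshake not completed


class StatefulFirewall:
    """Rule inspection once per connection, state inspection for every later packet."""

    def __init__(self, allow_rules: Iterable[Tuple[int, str]], capacity: int = 100,
                 base_timeout: float = 30.0, min_timeout: float = 1.0,
                 idle_timeout: float = 60.0) -> None:
        self.rules: Set[Tuple[int, str]] = set(allow_rules)  # (dst_port, proto) allowed to open
        self.table: Dict[Key, Entry] = {}
        self.capacity = capacity            # maximum number of state-table items
        self.base_timeout = base_timeout    # half-open timeout when the table is empty
        self.min_timeout = min_timeout      # floor so legitimate handshakes can still finish
        self.idle_timeout = idle_timeout    # idle limit for established / UDP entries

    def half_open_timeout(self) -> float:
        """Dynamic timeout (assumed linear): the fuller the table, the sooner half-open items expire."""
        occupancy = len(self.table) / self.capacity
        return max(self.min_timeout, self.base_timeout * (1.0 - occupancy))

    def expire(self, now: float) -> int:
        """Delete timed-out items; returns how many were removed."""
        limit = self.half_open_timeout()
        stale = [k for k, e in self.table.items()
                 if (not e.established and now - e.created > limit)
                 or (e.established and now - e.last_seen > self.idle_timeout)]
        for k in stale:
            del self.table[k]
        return len(stale)

    def inspect(self, pkt: dict, now: float) -> str:
        """Return 'ACCEPT' or 'DROP' for one inbound packet (a dict of header fields)."""
        self.expire(now)
        key: Key = (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["proto"])
        entry = self.table.get(key)
        if entry is not None:
            # Known connection: state inspection only, no rule lookup.
            entry.last_seen = now
            if pkt["proto"] == "tcp" and pkt.get("flags") == "ACK":
                entry.established = True
            return "ACCEPT"
        # Unknown connection: only a TCP SYN (or a UDP datagram) may open one.
        if pkt["proto"] == "tcp" and pkt.get("flags") != "SYN":
            return "DROP"   # packet claiming membership in a connection never seen
        if (pkt["dport"], pkt["proto"]) not in self.rules:
            return "DROP"   # rule inspection failed
        if len(self.table) >= self.capacity:
            return "DROP"   # table full: refuse new connections rather than grow unbounded
        self.table[key] = Entry(now, now, established=(pkt["proto"] == "udp"))
        return "ACCEPT"


def pkt(src: str, sport: int, dport: int, proto: str = "tcp", flags: str = "") -> dict:
    """Constructed sample packet addressed to the protected host 192.0.2.10."""
    return {"src": src, "dst": "192.0.2.10", "sport": sport, "dport": dport,
            "proto": proto, "flags": flags}


def run_scenario() -> dict:
    """Constructed traffic: one legitimate client, one forged packet, one SYN flood."""
    fw = StatefulFirewall({(80, "tcp"), (53, "udp")}, capacity=10,
                          base_timeout=30.0, min_timeout=1.0)
    r = {}
    r["legit_syn"] = fw.inspect(pkt("198.51.100.2", 40000, 80, flags="SYN"), 0.0)
    r["legit_ack"] = fw.inspect(pkt("198.51.100.2", 40000, 80, flags="ACK"), 1.0)
    r["forged_ack"] = fw.inspect(pkt("198.51.100.9", 5555, 80, flags="ACK"), 1.0)
    r["telnet_syn"] = fw.inspect(pkt("198.51.100.2", 40001, 23, flags="SYN"), 2.0)
    r["udp_dns"] = fw.inspect(pkt("198.51.100.3", 5000, 53, proto="udp"), 2.0)
    # Flood: nine half-open attempts from one host at t=3 that are never completed.
    flood = [fw.inspect(pkt("203.0.113.7", 50000 + i, 80, flags="SYN"), 3.0) for i in range(9)]
    r["flood_accepted"] = flood.count("ACCEPT")
    r["flood_dropped"] = flood.count("DROP")
    r["timeout_under_flood"] = fw.half_open_timeout()   # shrinks to the 1 s floor
    r["purged_at_t5"] = fw.expire(5.0)                  # half-open items older than 1 s go
    r["table_after_purge"] = len(fw.table)
    r["legit_data_after"] = fw.inspect(pkt("198.51.100.2", 40000, 80, flags="ACK"), 6.0)
    return r


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The scenario shows the three properties the abstract claims: a packet on a known connection is accepted with a table lookup alone, a packet that pretends to belong to a connection the firewall never saw is dropped without consulting the rules, and once the table fills with half-open entries the timeout falls to its floor so those entries are purged while the established connection survives.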