SOCKS防火墙的研究与实现

【作者】 柳勤；

【导师】 顾其威；

【作者基本信息】 南京航空航天大学 ， 计算机应用技术， 2002， 硕士

【摘要】 随着Internet和Intranet的飞速发展，防火墙已经成为保护网络安全的一个重要措施。SOCKS防火墙技术是一个比较完善的防火墙技术，在国内起步较晚，而国家有关部门指出国家职能部门不得使用国外安全产品，因此SOCKS防火墙的内部实现细节和相关技术是一个迫切需要研究的重要课题。本文首先对各层次的防火墙技术进行了分析和比较，然后介绍了SOCKS防火墙的原理，对SOCKSV5协议和SOCKS技术的安全机制进行了分析和研究。在对协议和安全机制的研究基础上，实现了SOCKS防火墙的基本功能。在文章中对SOCKSV5具有的新功能的实现进行了重点分析：UDP应用的实现和认证机制的实现。其中，认证机制的实现包括用户名密码认证的实现和GSS-API的认证的实现。本文着重分析了GSS,API的原理、过程和主要接口，并在分析SOCKS／GSS-API协议的基础上，实现了SOCKS防火墙中的GSS-API认证。最后，本文总结了系统实现的总体框架和流程，并对系统今后的扩展提出了设想。更多还原

【Abstract】 With the rapid development of Internet and Intranet, firewall has become an important icasure to protect the security of Intranet. SOCKS firewall technique is a pretty good firewall technique, but it starts lately in our country. Because some departments of country shouldn’t use the security products of foreign country, it is an urgent project to research the internal detailed realization and relative technique of SOCKS firewall. Firstly, the thesis analyzes and compares firewall techniques of each levels; after that it introduces the theory of SOCKS firewall, and analyzes and researches the SOCKS V5 protocol and security mechanism of SOCKS technique. On this basis, it realizes the basic functions of SOCKS firewall. This thesis makes emphases on the realization of new functions of SOCKS V5: the realization of UDP application and realization of authorization mechanism. Among that, the realization of authorization mechanism includes the realization of username/password authorization and GSS-API authorization. The thesis analyzes the theory, procedure and interface of GSS-API, and on the basis of analyzing SOCKS/GSS-API protocol, realizes the GSS-API authorization in our SOCKS firewall. Finally, the thesis summarizes the frame and flow of the system, and brings forward the design of the system extension.更多还原