The Design and Research of Windows Personal Firewall

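【Author】 Fang Fang (方芳)

【Advisors】 Zhao Xinjian (赵新建); Zhu Jujun (朱巨军)

【Author information】 Zhejiang University of Technology, Electronics and Communication Engineering, 2007, Master's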

【Abstract】 With the rapid growth of computer networks, more and more personal computers are connected to the Internet, and protecting these computers from attack by hackers has become a pressing concern for users. Personal firewall (PFW) software is the best choice for individual users. A PFW is a small security program for a single-host operating system that runs directly on the user's computer. It protects a single system on a public network without extra hardware resources, keeps out internal as well as external attacks, and is also of high economic value, so studying the PFW is very important. After an in-depth study of the operating principles and core technologies of the PFW, the thesis presents a novel PFW design scheme based on Winsock2 SPI and NDIS HOOK. The main work and results are as follows:

1. The working principle and core technologies of firewalls are analyzed in detail. The current state of PFW research is reviewed and its development trend is briefly predicted.

2. The network protocols and protocol architectures closely related to the PFW are discussed in depth, and the application of the OSI and TCP/IP models in the PFW is analyzed.

3. Based on a comprehensive analysis of the advantages and disadvantages of several network data interception technologies, the thesis presents a novel, feasible PFW design scheme with high security that filters at two layers: Winsock2 SPI at the application layer and NDIS HOOK at the kernel layer. At the application layer, Winsock2 SPI is used to develop a DLL that intercepts all socket-based network communication; at the kernel layer, NDIS HOOK is used to filter the low-level data packets.

【Key words】 personal firewall; SPI; NDIS HOOK; data packet interception
  • 【Classification number】 TP393.08
  • 【Times cited】 4
  • 【Downloads】 321