【作者】 丁勇；

【导师】 蒋朝根；

【作者基本信息】 西南交通大学 ， 计算机应用技术， 2003， 硕士

【摘要】 随着互联网的飞速发展，越来越多的企业和用户连接到互联网中。人们在充分享受着互联网所带来的方便和高效的同时，也不断受到各种计算机病毒感染和黑客恶意攻击的侵扰。在网络安全解决方案中，建立或设置防火墙是一个非常关键和有效的环节。然而，当前市场上的防火墙产品多为企业级的网关型防火墙，而针对个人用户的防火墙产品则较少。针对这种情况，本文设计和实现了一个Windows操作系统下的个人防火墙软件。与目前已有的个人防火墙产品比较，本文的防火墙软件采用了一种新的实现方法，即利用Winsock 2服务提供者接口(Service Provider Interface，SPI)程序实现防火墙。SPI是新的Windows套接字(Windows Sockets 2.0)所引入的一种新的编程接口。利用这种技术可以在Socket中插入一层，从而可以完成诸如传输质量控制、扩展TCP／IP协议栈、URL过滤及网络安全控制等功能。由于该方法是在用户层实现，因此编程较为容易，并且易于同应用程序结合。 本文首先从网络安全理论谈起，从网络安全问题产生的原因到网络安全的目标和网络安全的层次，继而引入了个人电脑所面临的安全问题及合适的解决方法。接着，本文介绍了防火墙的原理和技术，其中重点介绍了个人防火墙的概念、功能和各种技术。在此基础上，本文详细叙述了所设计的个人防火墙软件的总体框架结构，并在后续章节分别阐述各个功能模块的具体设计和实现过程。更多还原

【Abstract】 With the rapid development of Internet, many enterprise users and single users connect to it. People enjoy the convenience and great efficiency brought by the Internet, at the same time, their computers are continually suffered from many kinds of computer virus and hackers’ attack. One of the effectual and important solutions for network security is to set firewall. Now there are many firewall for enterprise, but there is few firewall for personal computer. Being based upon this situation, a firewall of personal computer working on Windows operating system is designed and implemented. Comparing the existent personal firewall, a new method which is based on Winsock Service Provider Interface (SPI) is used to realize the PC firewall. SPI is a new programming interface afforded by the Windows Sockets 2.0. With the new method, many functions can be completed, such as transfers quality control, expanding TCP/IP protocol stack, URL filtration and network security control, through inserting a layer in Socket. Because the method is realized in user mode of the operating system, the software is easy to be programmed and to be combined to windows application.Firstly, the theories of network security are introduced in the thesis, including causations, aims and categories of network security . Then the problems of network security which personal computers are confronted with are brought forward. The second, the principles and technologies of firewall are described, including the concepts, functions and various technologies of personal firewall which are the emphases. The third, the whole framework of the designed personal firewall is introduced in detail. At last, how to design and implement the involved functional modules is expatiated in the succedent chapters.更多还原