Windows个人防火墙的设计与研究
摘要
随着计算机网络的迅速发展,越来越多的个人计算机连入了Internet,如何有效保护这些联网计算机不被黑客攻击成为用户关心的问题,其中个人防火墙软件是个人用户的最佳选择。个人防火墙是面向单机操作系统的一种小型安全防护软件,直接在用户的计算机上运行。它能对公共网络中的单个系统提供保护,不需要额外的硬件资源就能增加对系统的保护,除了可以抵挡外来攻击的同时,还可以抵挡内部的攻击,并且它还具有较高的经济价值,因此对个人防火墙展开研究具有非常重要的意义。
本文在深入研究个人防火墙的工作原理和核心技术基础上,提出了一种基于Winsock2SPI和NDIS HOOK的个人防火墙软件设计方案。本文的主要工作和成果如下:
1.详细分析了防火墙的工作原理和核心技术,认真研究了个人防火墙的研究现状并对个人防火墙的发展趋势进行了简单的预测。
2.深入阐述了与个人防火墙密切相关的网络协议和网络协议架构,分析了OSI模型和TCP/IP模型在个人防火墙中的应用。
3.综合分析了多种网络数据拦截技术的优缺点,在此基础上,提出了一种可行的安全性较高的个人防火墙设计方案,即采用应用层Winsock2 SPI和核心层NDIS HOOK双层过滤方法。本方案在应用层利用Winsock2 SPI技术开发DLL程序,拦截所有的基于Socket的网络通信,在核心层利用NDIS HOOK来过滤底层的数据包。
With the rapid growth of computer network, the number of personal computers connected to the Internet is also increasing. How to avoid these computers being attacked by the hackers has been one pressing problem. The personal firewall (PFW) software is the best choice for personal users.PFW is guarding software for single operating system, which can run directly in the users' computers. It can protect a single system in the public networks without extra hardware resource. PFW can keep out not only the external attacks but also the internal attacks, which also takes on high economic value. It is very important to study the PFW.
The thesis presents a novel PFW design scheme after deeply investigating the operational principle and core technologies of the PFW, which is based on Winsock2 SPI and NDIS HOOK.
1. The working principle and core technologies are analyzed in detail. The research current situation of PFW is formulated and its developing trend is simply predicted.
2. The networking protocols and their frameworks are discussed deeply, and the OSI and TCP/IP models are also researched.
3. Based on the systemic analysis of several network data interception technologies, the thesis presents a novel high-security PFW design scheme. Winsock2 SPI technology is used to develop the DLL programs to intercept all the network communications based on socket in the application layer. While in the kernel layer, NDIS HOOK is applied to filter the data packets of the bottom layer.
本文在深入研究个人防火墙的工作原理和核心技术基础上,提出了一种基于Winsock2SPI和NDIS HOOK的个人防火墙软件设计方案。本文的主要工作和成果如下:
1.详细分析了防火墙的工作原理和核心技术,认真研究了个人防火墙的研究现状并对个人防火墙的发展趋势进行了简单的预测。
2.深入阐述了与个人防火墙密切相关的网络协议和网络协议架构,分析了OSI模型和TCP/IP模型在个人防火墙中的应用。
3.综合分析了多种网络数据拦截技术的优缺点,在此基础上,提出了一种可行的安全性较高的个人防火墙设计方案,即采用应用层Winsock2 SPI和核心层NDIS HOOK双层过滤方法。本方案在应用层利用Winsock2 SPI技术开发DLL程序,拦截所有的基于Socket的网络通信,在核心层利用NDIS HOOK来过滤底层的数据包。
With the rapid growth of computer network, the number of personal computers connected to the Internet is also increasing. How to avoid these computers being attacked by the hackers has been one pressing problem. The personal firewall (PFW) software is the best choice for personal users.PFW is guarding software for single operating system, which can run directly in the users' computers. It can protect a single system in the public networks without extra hardware resource. PFW can keep out not only the external attacks but also the internal attacks, which also takes on high economic value. It is very important to study the PFW.
The thesis presents a novel PFW design scheme after deeply investigating the operational principle and core technologies of the PFW, which is based on Winsock2 SPI and NDIS HOOK.
1. The working principle and core technologies are analyzed in detail. The research current situation of PFW is formulated and its developing trend is simply predicted.
2. The networking protocols and their frameworks are discussed deeply, and the OSI and TCP/IP models are also researched.
3. Based on the systemic analysis of several network data interception technologies, the thesis presents a novel high-security PFW design scheme. Winsock2 SPI technology is used to develop the DLL programs to intercept all the network communications based on socket in the application layer. While in the kernel layer, NDIS HOOK is applied to filter the data packets of the bottom layer.
引文
铩颷1]陈天洲,陈纯,谷小妮.计算机安全策略[M].杭州:浙江大学出版社,2004.
[2]杨辉,吴吴.防火墙-网络安全解决方案[M].北京:国防工业出版社,2001.
[3]阎慧,王伟,宁宇鹏.防火墙原理与技术[M].北京:机械工业出版社,2004.
[4]黎连业.防火墙及其应用技术[M].北京:清华大学出版社,2004.
[5](美)GregHolden著,王斌,孔璐译.防火墙与网络安全-入侵检测和VPN[M],北京:清华大学出版社,2004.
[6](美)Jerry Lee Ford.个人防火墙[M].北京:人民邮电出版社,2002.
[7]高飞,高平.计算机网络和网络安全基础[M].北京:北京理工大学出版社,2002.
[8]雷震甲.计算机网络[M].西安:西安电子科技大学出版社,1999.
[9]任泰明.TCP/IP协议与网络编程[M].西安:西安电子科技大学出版杜,2004.
[10]王利,张玉祥,杨良怀.计算机网络使用教程[M].北京:清华大学出版社,1999.
[11]Behrouze A.Forouzan,Sophia Chung Fegan著,谢希仁译.TCP/IP协议族[M],第2版.北京:清华大学出版社,2003.
[12]朱雁辉.Windows防火墙与网络封包截获技术[M].北京:电子工业出版社,2002.
[13]陈琪,屈光,高传善.Windows单机版防火墙包过滤多种方案比较与实现[J].计算机应用与软件,2005,22(5):114-116.
[14]宋璇,张仲虎,吕国宾.Windows 2000网络封包的截获技术[J].计算机与现代化,2003,4:77-80.
[15]郭兴阳,高峰,唐朝京.一种NDIS中间层数据包过滤方法[J].计算机工程,2004,30(17):102-103.
[16]蒋东兴.Windows Sockets网络程序设计大全[M].北京:清华大学出版社,1999.
[17]李晓莺,曾启铭.NDIS网络驱动程序的研究与实现[J].计算机应用,2002,22(4):60-61.
[18]陈向群.Windows内核实验教程[M].北京:机械工程出版社,2002.
[19]Microsoft公司.Microsoft Windows驱动程序开发大全.北京:机械工程出版社,2001.
[20]康姝,卢显良.基于NDIS的状态包过滤个人防火墙[J].实验科学与技术,2004,12:26-29.
[21]谭丹,鲜继清.基于NDIS hook的Windows防火墙驱动程序设计[J].重庆邮电学院学报(自然科学版),2005,17(5):622-624.
[22](美)Kenneth D.Reed著,3Com公司译.TCP/IP基础.北京:电子工业出版社,2002.
[23]熊安萍.基于Winsock技术的数据包解析研究[J].计算机科学,2006,33(12):81-82.
[24]周剑岚,冯珊.运用Hook技术实现的软件防火墙[J].华中科技大学学报(自然科学版),2004,32(3):83-85.
[25]http://www.ndis.com/papers/ndispacket/ndispacket1.htm
[2]杨辉,吴吴.防火墙-网络安全解决方案[M].北京:国防工业出版社,2001.
[3]阎慧,王伟,宁宇鹏.防火墙原理与技术[M].北京:机械工业出版社,2004.
[4]黎连业.防火墙及其应用技术[M].北京:清华大学出版社,2004.
[5](美)GregHolden著,王斌,孔璐译.防火墙与网络安全-入侵检测和VPN[M],北京:清华大学出版社,2004.
[6](美)Jerry Lee Ford.个人防火墙[M].北京:人民邮电出版社,2002.
[7]高飞,高平.计算机网络和网络安全基础[M].北京:北京理工大学出版社,2002.
[8]雷震甲.计算机网络[M].西安:西安电子科技大学出版社,1999.
[9]任泰明.TCP/IP协议与网络编程[M].西安:西安电子科技大学出版杜,2004.
[10]王利,张玉祥,杨良怀.计算机网络使用教程[M].北京:清华大学出版社,1999.
[11]Behrouze A.Forouzan,Sophia Chung Fegan著,谢希仁译.TCP/IP协议族[M],第2版.北京:清华大学出版社,2003.
[12]朱雁辉.Windows防火墙与网络封包截获技术[M].北京:电子工业出版社,2002.
[13]陈琪,屈光,高传善.Windows单机版防火墙包过滤多种方案比较与实现[J].计算机应用与软件,2005,22(5):114-116.
[14]宋璇,张仲虎,吕国宾.Windows 2000网络封包的截获技术[J].计算机与现代化,2003,4:77-80.
[15]郭兴阳,高峰,唐朝京.一种NDIS中间层数据包过滤方法[J].计算机工程,2004,30(17):102-103.
[16]蒋东兴.Windows Sockets网络程序设计大全[M].北京:清华大学出版社,1999.
[17]李晓莺,曾启铭.NDIS网络驱动程序的研究与实现[J].计算机应用,2002,22(4):60-61.
[18]陈向群.Windows内核实验教程[M].北京:机械工程出版社,2002.
[19]Microsoft公司.Microsoft Windows驱动程序开发大全.北京:机械工程出版社,2001.
[20]康姝,卢显良.基于NDIS的状态包过滤个人防火墙[J].实验科学与技术,2004,12:26-29.
[21]谭丹,鲜继清.基于NDIS hook的Windows防火墙驱动程序设计[J].重庆邮电学院学报(自然科学版),2005,17(5):622-624.
[22](美)Kenneth D.Reed著,3Com公司译.TCP/IP基础.北京:电子工业出版社,2002.
[23]熊安萍.基于Winsock技术的数据包解析研究[J].计算机科学,2006,33(12):81-82.
[24]周剑岚,冯珊.运用Hook技术实现的软件防火墙[J].华中科技大学学报(自然科学版),2004,32(3):83-85.
[25]http://www.ndis.com/papers/ndispacket/ndispacket1.htm