windows平台下个人防火墙的设计与实现大学本科毕业论文

摘要

随着互联网的普及，安全问题越来越受到大家的重视。一个安全良好的网络环境能很好的保护好人们的计算机不受木马和病毒的侵扰，给人们的财产和隐私提供必要的保护。个人防火墙作为最早出现和最多使用的网络安全产品，以软件的形式存在于计算机与其所连接的网络之间，对流经计算机的未经授权的网络数据包进行监控和阻止，以起到对系统的保护作用。因此，开发有效的个人防火墙具重要意义。

本文根据个人防火墙的实际需求，首先分析了目前市场上各类防火墙所采用的不同核心过滤技术，结合其优缺点和实现的难易程度，确定了本课题实现所采用的技术并做出相应的阐述。其次对本课题实现的功能和核心技术进行了详细的介绍，接着对个人防火墙的相关功能进行了介绍和展示，最后对完成本论文中获得的心得体会和经验进行了系统的总结。

本课题中实现个人防火墙所采用的核心过滤技术为Filter-Hook Driver。核心过滤驱动的开发采用Visual Studio 2010和Windows下的驱动开发工具WDK进行编码和编译，用户层采用C语言进行编写。用户界面用MFC实现。本个人防火墙实现了对网络数据包的过滤，管控规则设置和日志功能。充分考虑了个人防火墙所需的基本功能，操作方便，界面简单友好。

关键词

个人防火墙；数据包过滤；Filter-Hook Driver；网络安全

Abstract

With the popularity of the Internet, security issues are attention by more and more people.

A secure network environment can protect personal computer from Trojans and viruses, and provide necessary protection to people's property and privacy. Personal firewall as the earliest and the most used Network Security toolkit, it exists as software, between a computer and its network. In order to protect the system, personal firewall monitors and prevents network packets which are flowing through the compute and unauthorized. Therefore, the development of an effective personal firewall has the important meaning.

According to the actual needs of personal firewall, this paper first analyzes different core filtering technologies adopted by all kinds of firewall used in the current market, combined with the ease of their implementation and relative merits. This topic determined how to achieve this system and made the corresponding elaboration. Secondly the function and the core technology of this project is introduced in detail, then introduces and displays the related functions of a personal firewall, and finally summarizes the feelings and experiences in completing this paper.

In this topic, the core filtering technology in realization of personal firewall is adopted by the Filter-Hook Driver. Filter-Hook Driver using Visual Studio 2010 and WDK to development which is a driver development tool under the Windows, Using C language to write user layer. The user interface use MFC to achieve. This personal firewall achieved those functions: network packet filtering, control rules set and logging. Fully considering the basic functions of a personal firewall, this system is easy to operate and has friendly interfaces.

Key words

Personal Firewall;Packet filtering; Filter-Hook Driver; Network security

目录

摘要 ............................................................................................................................................ I Abstract ................................................................................................................................... II

第一章前言 (1)

1.1 课题的开发背景与意义 (1)

1.1.1 开发背景 (1)

1.1.2 研究意义 (2)

1.2 国内外研究现状 (2)

1.3 课题研究内容与结构 (4)

第二章相关理论简介 (5)

2.1 防火墙核心过滤技术 (5)

2.1.1 用户态数据包拦截技术 (5)

2.1.2 内核态数据包拦截技术 (5)

2.1.3 Filter-Hook Driver (6)

2.2 TCP\IP网络通信协议 (7)

2.2.1 IP网际协议 (8)

2.2.2 TCP传输控制协议 (8)

2.2.3 UDP用户数据报协议 (8)

2.3 内核模式驱动程序开发 (9)

第三章开发工具与环境简介 (10)

3.1 Microsoft Visual Studio 2010 (10)

3.2 C语言简介 (10)

3.3 驱动开发工具 (10)

3.3.1 WDK内核编程工具 (11)

3.3.2 编译驱动程序源文件 (11)

3.3.3 安装运行驱动程序 (12)

3.4 MFC简介 (12)