Java Firewall Project
May 23rd, 2006 by Angsuman ChakrabortyI have been playing with the idea of a Java Firewall. So far I have implemented a fully functional port blocker using port hijacking. It scans for open ports on the network interface providing internet connection.
However port blocker doesn’t a firewall make. It is merely a baby step. We need to access operating system API to be able to block ports which do not allow hijacking. We also need stealth mode to prevent attackers from even detecting the existence of the computer. We need to and can easily block UDP traffic. Then comes application access control.
All of these can be done.
I evaluated several firewalls like ZoneAlarm or Agnitum Outpost and each of them lacks in some key aspect or other. In my experience their inability is most painful for power users. So we started this intern driven project.
The question is what would be the level of interest in the user community to support a Java Firewall project.
Tags: Computer Security, Headline News, Java Software, Technology, Web, Web Services | | RSS 2.0 | Trackback this Article | Email this Article
Add to Technorati Favorites
May 23rd, 2006 at 2:02 pm
Writing a Java firewall could be difficult because of the complexity involved with JNI. Obviously you cant write a firewall without getting into the OS’s TCP stack. It also depends on which OS you are trying to implement. You might get a lot of help with Linux but with Windows you are pretty much on your own. But that said, there are couple of implementations I saw on codeproject using managed code. Because it is easy to get at OS level APIs with C# (PInvoke and C++/CLI) I would think implementing it in C# (for Windoes) would be relatively easy than Java.
May 23rd, 2006 at 6:10 pm
hi there,
+1.
just a moment ago, I saw someone expressing a desire for Java VOIP server. Now, you’re expressing a desire for a Firewall.
Are we there yet ? What is going to be the overhead for a pure java implementation ? Will ordinary desktop users like it ?
I can offer to test it on my box.
BR,
~A
May 24th, 2006 at 5:38 am
> Are we there yet ?
In my preliminary investigation and prototype we have all the technologies to develop a Firewall in Java for Windows. We will however need some native calls which can be easily taken care of.
> What is going to be the overhead for a pure java implementation ?
I don’t think performance will be an issue. In any case we always have the option to use native modules. I seriously doubt we will need it.
> Will ordinary desktop users like it ?
That my friend only time will tell. It will be more functional than any of the popular Firewall in market today.
> I would think implementing it in C# (for Windoes) would be relatively easy than Java.
There are libraries to simplify JNI.
November 15th, 2006 at 2:40 pm
from my experience using java application it is slow and memory hungry. I have to upgrade more my RAM to ensure it’s running well.
August 8th, 2007 at 4:25 am
Khairul,
“Java is slow” is an age old myth, not reality; get over it.
December 27th, 2007 at 2:18 pm
I think there is a definite need for a firewall that can be easily managed by a consumer. Perhaps there is one out there and I have yet to find it. I like the idea of Java, simply because it is a language I am familiar with.
Have you considered a Linksys/Linux/Java solution. Linksys as I understand it produced a version of their wireless router that can run linux. If you used linux for the OS communication and used Java to provide a web-based UI and to interact with linux and put the whole thing in a linksys like hardware– you might have something valuable.
My opinion of security at the desktop level is low. It chews up system resources and gives consumers a false sense of control. Stateful packet inspection at a hardware based firewall with the ability to establish “trust zones” or “white lists” would be invaluable.
D