Java Firewall Project
I have been playing with the idea of a Java Firewall. So far I have implemented a fully functional port blocker using port hijacking. It scans for open ports on the network interface providing internet connection.
However, a port blocker doesn't a firewall make. It is merely a baby step. We need to access operating system API to be able to block ports which do not allow hijacking. We also need stealth mode to prevent attackers from even detecting the existence of the computer. We need to and can easily block UDP traffic. Then comes application access control.
All of these can be done.
I evaluated several firewalls like ZoneAlarm or Agnitum Outpost and each of them lacks in some key aspect or other. In my experience their inability is most painful for power users. So we started this intern driven project.
The question is what would be the level of interest in the user community to support a Java Firewall project.
May 23rd, 2006 at 2:02 pm
Writing a Java firewall could be difficult because of the complexity involved with JNI. Obviously you can't write a firewall without getting into the OS's TCP stack. It also depends on which OS you are trying to implement. You might get a lot of help with Linux but with Windows you are pretty much on your own. But that said, there are a couple of implementations I saw on codeproject using managed code. Because it is easy to get at OS level APIs with C# (PInvoke and C++/CLI) I would think implementing it in C# (for Windows) would be relatively easier than Java.
May 23rd, 2006 at 6:10 pm
hi there,
+1.
just a moment ago, I saw someone expressing a desire for Java VOIP server. Now, you're expressing a desire for a Firewall.
Are we there yet ? What is going to be the overhead for a pure java implementation ? Will ordinary desktop users like it ?
I can offer to test it on my box.
BR,
~A
May 24th, 2006 at 5:38 am
> Are we there yet ?
In my preliminary investigation and prototype we have all the technologies to develop a Firewall in Java for Windows. We will however need some native calls which can be easily taken care of.
> What is going to be the overhead for a pure java implementation ?
I don't think performance will be an issue. In any case we always have the option to use native modules. I seriously doubt we will need it.
> Will ordinary desktop users like it ?
That, my friend, only time will tell. It will be more functional than any of the popular Firewall in market today.
> I would think implementing it in C# (for Windows) would be relatively easier than Java.
There are libraries to simplify JNI.
November 15th, 2006 at 2:40 pm
From my experience using Java application it is slow and memory hungry. I have to upgrade more my RAM to ensure it's running well.
August 8th, 2007 at 4:25 am
Khairul,
"Java is slow" is an age old myth, not reality; get over it.
December 27th, 2007 at 2:18 pm
I think there is a definite need for a firewall that can be easily managed by a consumer. Perhaps there is one out there and I have yet to find it. I like the idea of Java, simply because it is a language I am familiar with.
Have you considered a Linksys/Linux/Java solution? Linksys as I understand it produced a version of their wireless router that can run Linux. If you used Linux for the OS communication and used Java to provide a web-based UI and to interact with Linux and put the whole thing in a Linksys like hardware – you might have something valuable.
My opinion of security at the desktop level is low. It chews up system resources and gives consumers a false sense of control. Stateful packet inspection at a hardware based firewall with the ability to establish "trust zones" or "white lists" would be invaluable.
D