Java Firewall Project Java�ķ���ǽ��Ŀ
I have been playing with the idea of a Java Firewall.��һֱ������뷨һ��Java����ǽ�� So far I have implemented a fully functional port blocker using port hijacking.��ĿǰΪֹ����ʵʩ�˹�����ȫ�ĸۿ�������ʹ�ö˿ڽٳ֡� It scans for open ports on the network interface providing internet connection.���ɨ��Ϊ���ſڰ���������ӿڣ��ṩ�����·���ߡ�
However port blocker doesn't a firewall make.����ۿ���������������ǽ�� It is merely a baby step.��ֻ��һ��Ӥ���һ���� We need to access operating system API to be able to block ports which do not allow hijacking.������Ҫ������ҵϵͳ�Ŀ�����Ⱦָ���Ա��ܹ���ۿڣ����в�����ٳ֡� We also need stealth mode to prevent attackers from even detecting the existence of the computer.���ǻ���Ҫ����ģʽ���Է�ֹ�����ߴӣ������������ڵļ���� We need to and can easily block UDP traffic.������Ҫ�Ϳ��������赲UDPͨ�š� Then comes application access control.Ȼ��̸��Ӧ�õķ��ʿ��ơ�
All of these can be done.������Щ�ǿ��������ġ�
I evaluated several firewalls like ZoneAlarm or Agnitum Outpost and each of them lacks in some key aspect or other.�������˼�������ǽһ�� ZoneAlarm��agnitumǰ�ں�����ÿ����ȱ����һЩ�ؼ�������� In my experience their inability is most painful for power users.���ҵľ��飬����������ʹ��ĵ����û��� So we started this intern driven project.��ˣ����ǿ�ʼʵϰ�����Ŀ��
The question is what would be the level of interest in the user community to support a Java Firewall project.�����ǣ�����ʲô����Ȥ�ij̶ȣ����û������֧��Java�ķ���ǽ��Ŀ��
Filed under������ Computer Security�����ȫ , �� Headline Newsͷ������ , �� Java Software Java��� , �� Technology���� , �� Web��ҳ , �� Web Services Web���� | | 
| | 
RSS 2.0 2.0 | | 
Trackback Trackback���� this Article |������| 
Email this Article�����ʼ�������
You may also like to read��Ҳ������� |
May 23rd, 2006 at 2:02 pm 2006��5��23��������2ʱ02��
Writing a Java firewall could be difficult because of the complexity involved with JNI.дһ��Java����ǽ���Ժ����ѣ���Ϊ���漰�ĸ�������jni �� Obviously you cant write a firewall without getting into the OS��s TCP stack.��Ȼ��cannotд����ǽû�н������ϵͳ��TCPջ�� It also depends on which OS you are trying to implement.��ȡ������Щ����ϵͳ������ͼִ�С� You might get a lot of help with Linux but with Windows you are pretty much on your own.����ܻ�õ���������Linux��Windows �������Ƿdz����Լ��ġ� But that said, there are couple of implementations I saw on codeproject using managed code.��˵���м���ʵ���ҿ�����codeprojectʹ���йܴ��롣 Because it is easy to get at OS level APIs with C# (PInvoke and C++/CLI) I would think implementing it in C# (for Windoes) would be relatively easy than Java.��Ϊ���Ǻ����ͻ��ڲ���ϵͳ�����API��C �� �� pinvoke��C + + / CLI�ģ�����ִ������C �� �� windoes ����Ƚ����ױ�Java ��
May 23rd, 2006 at 6:10 pm 2006��5��23��������6ʱ10��
hi there,ϲ�У�
+1. 1 ��
just a moment ago, I saw someone expressing a desire for Java VOIP server.�ղţ��ҿ������˱���Ը�� Java��VoIP�������� Now, you��re expressing a desire for a Firewall.���ڣ������Ը��һ������ǽ��
Are we there yet ?������û�� What is going to be the overhead for a pure java implementation ?ʲô�ǽ�����Ϊһ�������Javaʵ�֣� Will ordinary desktop users like it ?����̨ͨʽ���û�ϲ����
I can offer to test it on my box.�ҿ����ṩ���Բ��������ҵķ��顣
BR,��
~A 〜һ
May 24th, 2006 at 5:38 am 2006��5��24��������05ʱ38��
> Are we there yet ? >��������û��
In my preliminary investigation and prototype we have all the technologies to develop a Firewall in Java for Windows.���ҵij��������ԭ�ͣ��������еļ�����չһ������ǽ��Java������Windows �� We will however need some native calls which can be easily taken care of.�������ǻ���ҪһЩ������������Ժ������չˡ�
> What is going to be the overhead for a pure java implementation ? >ʲô�ǽ�����Ϊһ�������Javaʵ�֣�
I don��t think performance will be an issue.�Ҳ���Ϊҵ������һ�����⡣ In any case we always have the option to use native modules.���κ�����£�������Զ������ѡ��ʹ�ñ���ģ�顣 I seriously doubt we will need it. i�������ʣ����ǽ���Ҫ��
> Will ordinary desktop users like it ? > ����̨ͨʽ���û�ϲ����
That my friend only time will tell.�ҵ����ѣ�ֻ��ʱ���������ǡ� It will be more functional than any of the popular Firewall in market today.�����ܱ��κ����еķ���ǽ���ڵ����г��ϡ�
> I would think implementing it in C# (for Windoes) would be relatively easy than Java. >����ִ������C �� �� windoes ����Ƚ����ױ�Java ��
There are libraries to simplify JNI.��ͼ��ݣ��Լ�jni ��
November 15th, 2006 at 2:40 pm 2006��11��15��������2ʱ40��
from my experience using java application it is slow and memory hungry.���ҵľ��飬����Java��Ӧ�ã����ǻ���ͼ����ļ��䡣 I have to upgrade more my RAM to ensure it��s running well.��Ҫ�����ҵ�RAM ����ȷ������������á�
August 8th, 2007 at 4:25 am 2007��8��8��������04ʱ25��
Khairul, khairul ��
��Java is slow�� is an age old myth, not reality; get over it. �� Java�ǻ�����һ�����ϵ���������ʵ;������
December 27th, 2007 at 2:18 pm 2007��12��27��������2ʱ18��
I think there is a definite need for a firewall that can be easily managed by a consumer.�Ҿ�������һ����ȷ����Ҫһ������ǽ�����Ժ����ع����һ������ߡ� Perhaps there is one out there and I have yet to find it.Ҳ����һ�����ڣ������һ�û���ҵ��� I like the idea of Java, simply because it is a language I am familiar with.��ϲ�����뷨צ�ۣ�ֻ����Ϊ����һ������������Ϥ�ġ�
Have you considered a Linksys/Linux/Java solution.�㿼�ǵ���Linksys / Linux��/ Java�Ľ�������� Linksys as I understand it produced a version of their wireless router that can run linux. Linksys�ľ�����֪��������һ�������·��������������Linux �� If you used linux for the OS communication and used Java to provide a web-based UI and to interact with linux and put the whole thing in a linksys like hardware�C you might have something valuable.�����ʹ�õ�LinuxΪOS�Ĺ�ͨ��ʹ�õ�Java�ṩһ������Web���û�����ͻ�������Linux�����������������һ��Linksys��һ��Ӳ�壬�������һЩ����ġ�
My opinion of security at the desktop level is low.�Ҿ��ð�ȫ��������ˮƽ�ĵ��¡� It chews up system resources and gives consumers a false sense of control.��chewsϵͳ��Դ��Ϊ������ṩ����ٵİ�ȫ�п��ơ� Stateful packet inspection at a hardware based firewall with the ability to establish ��trust zones�� or ��white lists�� would be invaluable.״̬��ݰ��⣬��һ������Ӳ���ķ���ǽ��������������������������Ƿdz�����ġ�
D d