Java Firewall Project Java的防火牆項目
I have been playing with the idea of a Java Firewall.我一直在玩的想法一個Java防火牆。 So far I have implemented a fully functional port blocker using port hijacking.到目前為止,我實施了功能齊全的港口攔截器使用端口劫持。 It scans for open ports on the network interface providing internet connection.它會掃描為開放口岸,對網絡接口,提供網際網路連線。
However port blocker doesn’ta firewall make.不過港口攔截器doesn'ta防火牆。 It is merely a baby step.這只是一個嬰兒的一步。 We need to access operating system API to be able to block ports which do not allow hijacking.我們需要進入作業系統的空氣污染指數,以便能夠座港口,其中不容許劫持。 We also need stealth mode to prevent attackers from even detecting the existence of the computer.我們還需要隱形模式,以防止攻擊者從,甚至檢測所存在的計算機。 We need to and can easily block UDP traffic.我們需要和可以輕易地阻擋UDP通信。 Then comes application access control.然後談到應用的訪問控制。
All of these can be done.所有這些是可以做到的。
I evaluated several firewalls like ZoneAlarm or Agnitum Outpost and each of them lacks in some key aspect or other.我評估了幾個防火牆一樣, ZoneAlarm或agnitum前哨和他們每個人缺乏在一些關鍵方面或其他。 In my experience their inability is most painful for power users.在我的經驗,他們無法是最痛苦的電力用戶。 So we started this intern driven project.因此,我們開始實習驅動的項目。
The question is what would be the level of interest in the user community to support a Java Firewall project.問題是,會有什麼感興趣的程度,在用戶社區的支持Java的防火牆項目。
Filed under提起下 Computer Security計算機安全 , , Headline News頭條新聞 , , Java Software Java軟件 , , Technology技術 , , Web網頁 , , Web Services Web服務 | | 
| | 
RSS 2.0 2.0 | | 
Trackback Trackback跟踪 this Article |此文章| 
Email this Article電子郵件此文章
You may also like to read您也可以想讀 |
May 23rd, 2006 at 2:02 pm 2006年5月23日在下午2時02分
Writing a Java firewall could be difficult because of the complexity involved with JNI.寫一個Java防火牆可以很困難,因為所涉及的複雜性與jni 。 Obviously you cant write a firewall without getting into the OS’s TCP stack.顯然你cannot寫防火牆沒有進入操作系統的TCP棧。 It also depends on which OS you are trying to implement.它還取決於哪些操作系統您正試圖執行。 You might get a lot of help with Linux but with Windows you are pretty much on your own.您可能會得到許多幫助與Linux與Windows ,但你是非常對自己的。 But that said, there are couple of implementations I saw on codeproject using managed code.但說,有幾個實現我看到就codeproject使用託管代碼。 Because it is easy to get at OS level APIs with C# (PInvoke and C++/CLI) I would think implementing it in C# (for Windoes) would be relatively easy than Java.因為它是很容易就會在操作系統級別的API用C # ( pinvoke和C + + / CLI的)我想執行它在C # ( windoes )會比較容易比Java 。
May 23rd, 2006 at 6:10 pm 2006年5月23日在下午6時10分
hi there,喜有,
+1. 1 。
just a moment ago, I saw someone expressing a desire for Java VOIP server.剛才,我看到有人表達的願望, Java的VoIP服務器。 Now, you’re expressing a desire for a Firewall.現在,您表達的願望,一個防火牆。
Are we there yet ?我們有沒? What is going to be the overhead for a pure java implementation ?什麼是將會間接為一個純粹的Java實現? Will ordinary desktop users like it ?將普通台式機用戶喜歡?
I can offer to test it on my box.我可以提供,以測試它在我的方塊。
BR,溴
~A 〜一
May 24th, 2006 at 5:38 am 2006年5月24日在上午05時38分
> Are we there yet ? >是我們有沒?
In my preliminary investigation and prototype we have all the technologies to develop a Firewall in Java for Windows.在我的初步調查和原型,我們所有的技術發展一個防火牆在Java中用於Windows 。 We will however need some native calls which can be easily taken care of.不過,我們會需要一些本土的來電可以很容易照顧。
> What is going to be the overhead for a pure java implementation ? >什麼是將會間接為一個純粹的Java實現?
I don’t think performance will be an issue.我不認為業績將是一個問題。 In any case we always have the option to use native modules.在任何情況下,我們永遠都可以選擇使用本土模塊。 I seriously doubt we will need it. i嚴重疑問,我們將需要它。
> Will ordinary desktop users like it ? > “普通台式機用戶喜歡?
That my friend only time will tell.我的朋友,只有時間會告訴我們。 It will be more functional than any of the popular Firewall in market today.它會更功能比任何流行的防火牆,在當今市場上。
> I would think implementing it in C# (for Windoes) would be relatively easy than Java. >我想執行它在C # ( windoes )會比較容易比Java 。
There are libraries to simplify JNI.有圖書館,以簡化jni 。
November 15th, 2006 at 2:40 pm 2006年11月15日在下午2時40分
from my experience using java application it is slow and memory hungry.從我的經驗,利用Java的應用,這是緩慢和飢餓的記憶。 I have to upgrade more my RAM to ensure it’s running well.我要升級更多我的RAM ,以確保它的運行良好。
August 8th, 2007 at 4:25 am 2007年8月8日在上午04時25分
Khairul, khairul ,
“Java is slow” is an age old myth, not reality; get over it. “ Java是緩慢”是一個古老的神話,而不是現實;擺脫它。
December 27th, 2007 at 2:18 pm 2007年12月27日在下午2時18分
I think there is a definite need for a firewall that can be easily managed by a consumer.我覺得是有一個明確的需要一個防火牆,可以很容易地管理的一個消費者。 Perhaps there is one out there and I have yet to find it.也許有一個存在,並且我還沒有找到它。 I like the idea of Java, simply because it is a language I am familiar with.我喜歡的想法爪哇,只是因為它是一個語言我所熟悉的。
Have you considered a Linksys/Linux/Java solution.你考慮的是Linksys / Linux的/ Java的解決方案。 Linksys as I understand it produced a version of their wireless router that can run linux. Linksys的據我所知,製作了一版的無線路由器,可以運行Linux 。 If you used linux for the OS communication and used Java to provide a web-based UI and to interact with linux and put the whole thing in a linksys like hardware– you might have something valuable.如果您使用的Linux為OS的溝通和使用的Java提供一個基於Web的用戶界面和互動,與Linux和付諸表決,整個事情在一個Linksys的一樣,硬體,您可能有一些寶貴的。
My opinion of security at the desktop level is low.我覺得安全,在桌面水平的低下。 It chews up system resources and gives consumers a false sense of control.它chews系統資源和為消費者提供了虛假的安全感控制。 Stateful packet inspection at a hardware based firewall with the ability to establish “trust zones” or “white lists” would be invaluable.狀態數據包檢測,在一個基於硬件的防火牆與能力,建立“信任區”或“白名單”將是非常寶貴的。
D d