| Abstrakt: | This thesis explores the possibilities of implementing an L7 firewall in the user-space
of OS Linux. Most existing solutions are either too expensive for publicly funded
organizations or their functionality does not fit the definition of a firewall. The first
part of this thesis describes the motivation, the necessary terminology, and sets the
scope for the implementation by formulating the requirements and choosing a set
of Application layer protocols, which can be abused in the absence of L7 inspection.
The next part discusses the design and architecture of the implementation, the issues
encountered during development and how they were addressed. The thesis includes the
implementation of the firewall according to the requirements resulting from the analysis.
The last part presents test scenarios and results that demonstrate the functionality of
the firewall, and the protection against abuse of the chosen Application layer protocols.
The firewall implementation and the results of this thesis can be used in further research
and development of L7 firewalls on open-source platforms.
|
|---|