Article · July 003 Source: oai
Design and Implementation of Personal Firewalls fo

Figure 3. A Desktop PC Acts as a Bastion Host (diagram labels: ActiveSync Pass-Through Connection, Internet, Desktop PC (Bastion Host))
4.2 A Better Solution: Personal Firewalls
A better solution is to build a personal firewall into the handheld computer itself. With a personal firewall, the user can adjust his requirements or policies for handling the cases that he will encounter, so the firewall can be tuned to suit the user's needs. In the next section, we describe the design and implementation of a personal firewall in a Pocket PC handheld device.
5 Design and Implementation of Personal Firewalls
Before describing our design and implementation of personal firewalls in handheld devices, we review the technology that could be used in the Pocket PC 2002 operating system. In theory, this technology can be employed to perform the packet filtering required in the system. However, as we will show in this section, Microsoft provides no direct API call that can be used in the implementation, and therefore other alternatives need to be investigated.
5.1 Packet Filtering in Pocket PC 2002
Windows 2000 offers an important network Application Programming Interface (API), known as the Packet Filtering API (PFAPI). PFAPI is defined in fltdefs.h in the Microsoft Platform SDK. PFAPI is quite useful because it enables programmers to filter out TCP/IP packets: by using PFAPI, programmers can easily control inbound and outbound network traffic. Plooy showed an implementation of a flexible packet-filtering firewall, called netBlock, with PFAPI in a couple of hundred lines of C++ [19]. To implement a packet-filtering firewall, netBlock uses only five (out of a total of sixteen) PFAPI functions: PfCreateInterface(), PfAddFiltersToInterface(), PfBindInterfaceToIPAddress(), PfUnbindInterface(), and PfDeleteInterface().
Unfortunately, the Pocket PC 2002 Software Development Kit (SDK) does not provide PFAPI, which makes implementing packet filtering in Pocket PC 2002 much more difficult than in Windows 2000. One possible way to implement a packet-filtering firewall in Pocket PC 2002 is to develop an intermediate Network Driver Interface Specification (NDIS) driver, which will be outlined in the next section.
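The filtering decision that section 5.1 refers to, as an added example (not netBlock's or the paper's code, and it makes no PFAPI calls): a default action plus a list of filters, applied to raw IPv4 header bytes. The names filter_packet, struct filter, SAMPLE_HTTP and ALLOW_HTTP are hypothetical, the sample packet is constructed, and treating each filter as an exception that inverts the default action is this model's assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical names throughout: a portable model of the decision, not PFAPI. */
enum action { FORWARD, DROP };
struct filter {                              /* one exception to the default action */
    uint32_t src, src_mask, dst, dst_mask;   /* host byte order; mask 0 = any address */
    uint8_t  proto;                          /* 0 = any, 6 = TCP, 17 = UDP */
    uint16_t dport_lo, dport_hi;             /* inclusive; 0..65535 = any port */
};
static uint32_t be32(const uint8_t *p) {     /* read a big-endian 32-bit field */
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
/* Decide one raw IPv4 packet; anything malformed or truncated is dropped. */
enum action filter_packet(const uint8_t *pkt, size_t len, enum action dflt,
                          const struct filter *f, size_t nf) {
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || len < ihl) return DROP;
    uint8_t proto = pkt[9];
    uint32_t src = be32(pkt + 12), dst = be32(pkt + 16);
    int has_port = (proto == 6 || proto == 17);
    uint16_t dport = 0;
    if (has_port) {
        if (((pkt[6] & 0x1F) << 8 | pkt[7]) != 0) return DROP; /* later fragment: no ports */
        if (len < ihl + 4) return DROP;                        /* port fields cut off */
        dport = (uint16_t)(pkt[ihl + 2] << 8 | pkt[ihl + 3]);
    }
    for (size_t i = 0; i < nf; i++) {
        int any_port = f[i].dport_lo == 0 && f[i].dport_hi == 0xFFFF;
        if ((src ^ f[i].src) & f[i].src_mask) continue;
        if ((dst ^ f[i].dst) & f[i].dst_mask) continue;
        if (f[i].proto && f[i].proto != proto) continue;
        if (!any_port && (!has_port || dport < f[i].dport_lo || dport > f[i].dport_hi))
            continue;
        return dflt == DROP ? FORWARD : DROP;   /* a match inverts the default */
    }
    return dflt;
}
/* Constructed sample: TCP 192.0.2.10:49152 -> 198.51.100.7:80, headers only. */
static const uint8_t SAMPLE_HTTP[24] = {
    0x45, 0, 0, 24, 0, 1, 0x40, 0, 64, 6, 0, 0,   /* IPv4, IHL 5, DF, TTL 64, TCP */
    192, 0, 2, 10, 198, 51, 100, 7,               /* source, destination */
    0xC0, 0x00, 0x00, 0x50 };                     /* src port 49152, dst port 80 */
/* Constructed policy entry: matches TCP to destination port 80, any address. */
static const struct filter ALLOW_HTTP = { 0, 0, 0, 0, 6, 80, 80 };
int main(void) {   /* default DROP, one filter: the sample packet is forwarded */
    enum action a = filter_packet(SAMPLE_HTTP, sizeof SAMPLE_HTTP, DROP, &ALLOW_HTTP, 1);
    puts(a == FORWARD ? "forward" : "drop");
    return 0;
}
```

With the default action set to FORWARD, the same filter entry blocks port 80 instead, which is why the default has to be chosen before the filter list means anything.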