防火牆是做為網路安全的守護者。目前防火牆的種類可分為兩種,分別是封包過濾型以及代理伺服器型。因為封包過濾型有著效能佳、建置容易,因此目前網際網路上實際運行的防火牆大多是屬於此類。可是隨著駭客手法的更新,有許多的網路攻擊方式是傳統封包過濾型防火牆所不能夠阻擋,如Worm、Virus等等,也因為如此,代理伺服器型防火牆已經慢慢的受到重視。但是代理伺服器有著效能不佳,及建置困難的兩大缺點,使得在推廣上不易。效能不佳可以利用更強大的硬體處理能力來改善,而建置困難卻是網際網路上許多網路協定先天本質所產生。此論文提出了新的開發平台,可以不受應用協定的影響(Application-Independent),無論在實體部署上或是以兩端的應用程式來看,都是具備真實透通的架構,這樣一來可以大幅降低代理伺服器的建置困難缺點。
For a long time, firewall has been an important role in network security, protecting many of us against the attacks of malicious users. Firewalls in nature can be classified into two types: Packet-filtering and Proxy Server. Packet-filtering firewalls have gained enormous popularity because of its high performance and easy deployment features. However new generation of network attacks (worms, viruses etc) have penetrated the protection of the traditional packet-filtering firewalls. Application-Layer firewalls (originally called proxy servers) are given increasing attention recently. The two weakness, inefficient performance and complicated deployment procedures, have hindered the spread of application-layer firewalls. Powerful hardware can be adopted, like ASIC, to greatly improve the performance while complicated deployment roots in the congenital inability of many network protocols. To solve the deployment difficulty, this project has proposed a new protocol-dependent framework, which 'True Transparent' is the main nucleus.