Firewall system based on virtual machine

Abstract

The invention provides a firewall system based on a virtual machine, comprising a kernel system, a firewall and a customer operation system. The kernel system is arranged in a safe partition of a disk. The customer operation system is used directly by users. The virtual network connection is adopted between the kernel system and the customer operation system. The network access of the customer operation system is forwarded by the kernel system. The firewall is arranged in the kernel system, and the network access of the customer operation system is controlled by the firewall after being forwarded by the kernel system. The firewall system based on the virtual machine has the advantages that: firstly, the firewall software does not depend on the type of the customer operation system which can be Windows, Linux or other operational systems; secondly, even being reinstalled, the customer operation system is stilled protected by the bottom firewall; thirdly, even the customer operation system is provided with vulnerabilities or a backdoor, private data which are sent out accidentally can also be intercepted by the bottom firewall.

Description

technical field [0001] The invention belongs to the field of network access control of information security. technical background [0002] A firewall refers to a combination of a series of components set between different networks (such as trusted intranets and untrusted public networks) or network security domains. It can realize network security protection by monitoring, restricting, and changing the data flow across the firewall, and shielding the information, structure, and operation status of the network from the outside as much as possible. [0003] According to the application deployment location of the firewall, it can be divided into three categories: boundary firewall, personal firewall and hybrid firewall. The boundary firewall is located at the boundary of the internal and external networks, and its function is to isolate the internal and external networks and protect the internal network at the boundary; the personal firewall is installed in a single host, and ...

AI Technical Summary

Problems solved by technology

[0005] At present, because personal firewalls are installed in the operating system, they mainly have four shortcomings: 1. After reinstalling the operating system, the firewall needs to be installed again, and there is a protective vacuum during this period; 2. The implementation of firewall software depends on the specific operating system. Different operating systems need to implement multiple sets of firewalls; 3. The security of the firewall itself depends on the operating system. Once there are loopholes or backdoors in the operating system, hackers may bypass the firewall and access private data; 4. Local operations can close the firewall, and the user's Misoperation or execution of a Trojan horse program may cause the firewall function to be blocked, thus revealing it under network attacks

Therefore, the traditional personal firewall deployment method has hidden dangers in terms of flexibility and security

Images