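Graduate student: | 彭啟廷 Chi-Ting Peng |
---|---|
Thesis title: | IXP平台上之安全代理伺服器的設計與實作 Design and Implementation of Secured Proxy on IXP Platform |
Advisor: | 石維寬 Wei-Kuan Shih |
Oral defense committee: | |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Computer Science |
Year of publication: | 2007 |
Academic year of graduation: | 95 |
Language: | Chinese |
Number of pages: | 42 |
Chinese keywords: | network security, embedded system, intrusion detection and prevention system, secured proxy |
Foreign-language keywords: | IXP |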
Hackers now treat the application layer as a primary target, so detecting and resisting intrusions in real time is an important problem. A traditional network firewall cannot offer 100% protection for existing connections; the defense level has to be raised to the application layer to solve this problem. In recent years, the Intel IXP series development platform has been popular in industry for its high performance, low power consumption and ease of expansion, and a steady stream of network appliances has been built on it. The platform is built around a network processor. Users can create new embedded system designs of their own and port their system software to the platform, combining software and hardware into one embedded system platform. For these reasons, this thesis takes Intel hardware as its base, selects suitable open source software, and designs and implements a prototype of a secured proxy architecture. The secured proxy uses encryption and deep packet inspection to offer a better protection mechanism for network use.