The design of the network protocols in wide use today can be traced back to the 70s, so it is not surprising that these protocols lack most of the newer security features. Over the last decades several security mechanisms have evolved to mitigate these shortcomings, for example filtering of falsified routing information, prevention of ARP flooding, protection against man-in-the-middle attacks, IP stealing, etc. The vendors of the currently available higher-class network appliances have already implemented these features in their products.
Although the currently available network switches and wireless access points that meet the security requirements are still too expensive for small businesses, there are fortunately also network appliances on the market at reasonably fair prices whose firmware can be freely modified or replaced. Several Linux-based distributions developed specifically for low-end wireless routers are also available.
Unfortunately, the network security features of the Linux kernel are somewhat limited. The goal of this thesis is to give an overview of these limitations, introduce some of the security-related solutions developed by the most prominent vendors, and enhance the Linux kernel by implementing some security technologies that offer protection against the most common threats and might even compete with some of the enterprise-level solutions.