Implementation of a Content-Scanning Module for an Internet Firewall
Authors
Abstract
A module has been implemented in Field Programmable Gate Array (FPGA) hardware that scans the content of Internet packets at Gigabit/second rates. All of the packet processing operations are performed using reconfigurable hardware within a single Xilinx Virtex XCV2000E FPGA. A set of layered protocol wrappers is used to parse the headers and payloads of packets for Internet protocol data. A content matching server automatically generates the Finite State Machines (FSMs) to search for regular expressions. The complete system is operated on the Field-programmable Port Extender (FPX) platform.
Similar resources
FPsed: a streaming content search-and-replace module for an Internet firewall
A module has been implemented in Field Programmable Gate Array (FPGA) hardware that is able to perform regular expression search-and-replace operations on the content of Internet packets at Gigabit/second rates. All of the packet processing operations are performed using reconfigurable hardware within a single Xilinx Virtex XCV2000E FPGA. A set of layered protocol wrappers is used to parse the ...
An Extensible, System-On-Programmable-Chip, Content-Aware Internet Firewall
An extensible firewall has been implemented that performs packet filtering, content scanning, and per-flow queuing of Internet packets at Gigabit/second rates. The firewall uses layered protocol wrappers to parse the content of Internet data. Packet payloads are scanned for keywords using parallel regular expression matching circuits. Packet headers are compared to rules specified in Ternary Co...
The Secure Access Node Project: A Hardware-Based Large-Scale Security Solution for Access Networks
Providing network security is one of the most important tasks in today's Internet. Unfortunately, many users are not able to protect themselves and their networks. Therefore, a novel security concept is presented to protect users by providing security measures at the Internet Service Provider level. Already now, Internet Service Providers are using different security measures, e.g., Virtual Loca...
Design and Performance of Firewall System Based on Embedded Computing
Conventional firewalls have failed to resist attacks from the inside network, and distributed firewalls rely excessively on the host operating system; therefore, embedded firewalls have become the focus of current network security research. The paper discusses the design and implementation of a firewall system based on embedded computing. In addition, it presents architecture of embedded firewall, ...
Analysis of vulnerabilities in Internet firewalls
Firewalls protect a trusted network from an untrusted network by filtering traffic according to a specified security policy. A diverse set of firewalls is being used today. As it is infeasible to examine and test each firewall for all possible potential problems, a taxonomy is needed to understand firewall vulnerabilities in the context of firewall operations. This paper describes a novel metho...