An Independent Function-Parallel Firewall Architecture for High-Speed Networks (Short Paper)
Author
Abstract
A function-parallel network firewall is a scalable architecture that consists of multiple firewalls. Rules are distributed across the array such that each firewall implements a portion of the original policy. This results in significantly lower delays than other parallel designs; however, the design requires firewall intercommunication to coordinate the array, which is difficult to implement and introduces additional delay. This paper describes how the performance of a function-parallel firewall array can be increased if the individual firewalls can operate independently, without firewall intercommunication. By distributing rules using accept sets, the independent firewall array and a traditional single firewall will always arrive at the same decision (integrity is maintained). Simulation results will show the system is significantly faster than other designs and has the unique ability to provide service differentiation.
Similar resources
Fulp. Effects of Processing Delay on Function-Parallel Firewalls
Comprehensive security policies are an integral part of creating a secure network and commonly firewalls are used to accomplish this. Firewalls inspect and filter traffic arriving or departing a network by comparing packets to a set of rules and performing the matching rule action, which is accept or deny. Unfortunately, traffic inspection of this type can impose significant delays on traffic d...
High-speed packet filtering utilizing stream processors
Parallel firewalls offer a scalable architecture for the next generation of high-speed networks. While these parallel systems can be implemented using multiple firewalls, the latest generation of stream processors can provide similar benefits with a significantly reduced latency due to locality. This paper describes how the Cell Broadband Engine (CBE), a popular stream processor, can be used as...
A Parallel Packet Screen for High Speed Networks
This paper demonstrates why security issues related to the continually increasing bandwidth of High Speed Networks (HSN) cannot be addressed with conventional firewall mechanisms. A single packet screen running on a fast computer is not capable of filtering all packets traversing a Fast/Gigabit Ethernet. This problem can be addressed by using parallel processing methods to implement a fast, sca...
Parallel Firewalls on General-Purpose Graphics Processing Units
Firewalls use a rule database to decide which packets will be allowed from one network onto another, thereby implementing a security policy. In high-speed networks, as the inter-arrival rate of packets decreases, the latency incurred by a firewall increases. In such a scenario, a single firewall becomes a bottleneck and reduces the overall throughput of the network. A firewall with heavy load, whic...
A Full Bandwidth ATM Firewall
In this paper we describe an architecture providing a high-speed access control service for ATM networks. This architecture is based on two main components. The first one is a signalling analyser which takes the signalling information as an input and dynamically produces the configuration for our second module. This second module, called IFT (Internet Fast Translator), is used to analyse the inform...