DocumentCode
1738866
Title
A stateful inspection module architecture
Author
Noureldien, Noureldien A. ; Osman, Izzeldin M.
Author_Institution
Sudan Univ. of Sci. & Technol., Khartoum, Sudan
Volume
2
fYear
2000
fDate
2000
Firstpage
259
Abstract
Packet filtering firewalls have evolved over the 1990s through a series of generations. Stateful inspection represents the climax of this evolution. This paper describes the security vulnerabilities and performance degradation inherent in the inspection module architecture of one of the leading firewalls in the market; Firewall-1 developed by Check Point. The paper proposes an architecture for a stateful inspection module that overcomes the security and performance problems. The proposed architecture protects against SYN flooding and firewall saturation denial of service attacks and preserves at the same time a high throughput
Keywords
Internet; authorisation; inspection; telecommunication security; Check Point Firewall-1; DoS attack; SYN flooding; firewall saturation denial of service attacks; packet filtering firewalls; performance degradation; security vulnerabilities; stateful inspection module architecture; throughput; Computer crime; Degradation; Electronic mail; Filtering; Floods; Inspection; Matched filters; Protection; Protocols; Security;
fLanguage
English
Publisher
ieee
Conference_Titel
TENCON 2000. Proceedings
Conference_Location
Kuala Lumpur
Print_ISBN
0-7803-6355-8
Type
conf
DOI
10.1109/TENCON.2000.888744
Filename
888744
Link To Document