Title :
Security mechanisms in high-speed networks
Author_Institution :
Nat. Sci. Found., Washington, DC, USA
Abstract :
Summary form only given. High-speed networks are becoming popular for accessing remote data and information sharing, and more and more organizations are connecting through networks to obtain financial and strategic advantages. However, this high-bandwidth connectivity also exposes them to a higher degree of security attacks and intrusions. A router-based packet-filtering firewall is an effective way to protect an enterprise network from unauthorized access. However, traditional firewalls will not work efficiently in ATM networks because they require termination of end-to-end connections at the packet-filtering router for packet inspection. This is likely to incur a high overhead due to packet segmentation and reassembly, making it a serious bottleneck. This talk presents the design of a high-speed ATM firewall that does not require the termination of an end-to-end connection in the middle. This firewall switch integrates the IP-level security mechanisms into the hardware components of an ATM switch so that most of the filtering operations are performed in parallel with the normal cell processing and most of its cost is absorbed into the base cost of the switch. The firewall switch employs “last cell hostage” (LCH) to avoid or reduce the latency caused by filtering. We analyze in detail the performance of the firewall switch in terms of throughput and latency.
Keywords :
asynchronous transfer mode; business communication; computer networks; packet switching; security of data; telecommunication network routing; telecommunication security; ATM switch hardware components; IP level security mechanisms; cell processing; end-to-end connection; enterprise network; filtering operations; high overhead; high-bandwidth connectivity; high-speed ATM firewall; high-speed networks; information sharing; intrusions; last cell hostage; packet inspection; packet reassembly; packet segmentation; remote data; router-based packet-filtering firewall; security attacks; security mechanisms; serious bottleneck; unauthorized access protection; Asynchronous transfer mode; Costs; Data security; Delay; Filtering; High-speed networks; Information security; Joining processes; Protection; Switches;
Conference_Title :
Computer Communications and Networks, 2000. Proceedings. Ninth International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
0-7803-6494-5
DOI :
10.1109/ICCCN.2000.885533