Title :
A parallel packet screen for high speed networks
Author :
Benecke, Carsten
Author_Institution :
Hamburg Univ., Germany
Abstract :
The paper demonstrates why security issues related to the continually increasing bandwidth of high speed networks (HSN) cannot be addressed with conventional firewall mechanisms. A single packet screen running on a fast computer is not capable of filtering all packets traversing a Fast/Gigabit Ethernet. This problem can be addressed by using parallel processing methods to implement a fast, scalable packet screen for Ethernets. The paper shows how hardware may be utilized to distribute the network load among such parallel packet screens. Empirical results using `off-the-shelf´ equipment indicate that this approach is usable
Keywords :
authorisation; computer network management; local area networks; packet switching; parallel processing; Fast/Gigabit Ethernet; HSN; continually increasing bandwidth; fast computer; fast scalable packet screen; firewall mechanisms; high speed networks; network load; off-the-shelf equipment; parallel packet screen; parallel processing methods; security issues; single packet screen; Access control; Asynchronous transfer mode; Bandwidth; Ethernet networks; Finite impulse response filter; High-speed networks; Network interfaces; Network topology; TCPIP; Telecommunication traffic;
Conference_Titel :
Computer Security Applications Conference, 1999. (ACSAC '99) Proceedings. 15th Annual
Conference_Location :
Phoenix, AZ
Print_ISBN :
0-7695-0346-2
DOI :
10.1109/CSAC.1999.816014
