Abstract

The emergence of network processors provides a broad range of new applications, particularly in the field of network security. Firewalls have become one of the basic building blocks of implementing a network's security policy; however, the security of a firewall can potentially lead to a bottleneck in the network. Therefore, improving the performance of the firewall means also improving the performance of the protected network. With the ability to direcdy monitor and modify packet information at wire speeds, the network processor provides a new avenue for the pursuit of faster, more efficient firewall products. This paper describes the implementation of two simulated network processor based firewalls. The first architecture, a basic packet filtering firewall, utilizes tree-based structures for manipulating IP and transport level firewall rules while also utilizing parallelism available in the network processor during firewall rule look-ups. In the second architecture, a parallel firewall is created using a network processor based, load-balancing switch along with two network processor based firewall machines, both utilizing the basic packet filter operations of the first architecture. When added to existing routing software, these implementations demonstrate the feasibility of creating dynamic packet-filtering routers using network processor technology.

Library of Congress Subject Headings

Firewalls (Computer security); Computer networks--Security measures; Multiprocessors

Publication Date

6-1-2001

Document Type

Thesis

Department, Program, or Center

Computer Engineering (KGCOE)

Advisor

Czernikowski, Roy

Advisor/Committee Member

Kaminsky, Alan

Comments

Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works. Physical copy available through RIT's The Wallace Library at: TK5105.59 M375 2001

Campus

RIT – Main Campus

Share

COinS