A router-based packet-filtering firewall is an effective way of protecting an enterprise network from unauthorized access. However, it does not work efficiently in an ATM network, because it requires end-to-end ATM connections to be terminated at a packet-filtering router, which incurs the huge overhead of segmentation and reassembly (SAR). Very few approaches to this problem have been proposed in the literature, and none is completely satisfactory. In this paper we present the hardware design of a high-speed ATM firewall that does not require an end-to-end connection to be terminated in the middle. We propose a novel firewall design philosophy, called Quality of Firewalling (QoF), that applies security measures of different strength to traffic with different risk levels, and we show how it can be implemented in our firewall. Compared with traditional firewalls, this ATM firewall performs exactly the same packet-level filtering without compromising performance, and it has the same "look and feel" because it sits at the chokepoint between the trusted ATM LAN and the untrusted ATM WAN. It is also easy to manage and flexible to use.