Design of a high-performance ATM firewall

Authors: Jun Xu, Mukesh Singhal

DOI: 10.1145/322510.322520

Abstract: A router-based packet-filtering firewall is an effective way of protecting an enterprise network from unauthorized access. However, it will not work efficiently in ATM because it requires the termination of end-to-end connections at a router, which incurs the huge overhead of SAR (Segmentation and Reassembly). Very few approaches to this problem have been proposed in the literature, and none is completely satisfactory. In this paper we present the hardware design of a high-speed ATM firewall that does not require the termination of a connection in the middle. We propose a novel philosophy, called Quality of Firewalling (QoF), that applies security measures of different strength to traffic with different risk levels, and show how it can be implemented in our firewall. Compared with traditional firewalls, it performs exactly the same packet-level filtering without compromising performance and has the same "look and feel" by sitting at the chokepoint between the trusted LAN and the untrusted WAN. It is also easy to manage and flexible to use.

References (22)
Sharleen Waters, Uyless D. Black, SONET and T1: Architectures for Digital Transport Networks (1997)
Kimberly Claire Claffy, Internet traffic characterization, University of California at San Diego (1994)
Elizabeth D. Zwicky, D. Brent Chapman, Deborah Russell, Building Internet Firewalls (1995)
T.D. Tarman, L.G. Pierson, Requirements for security signalling, ATM Forum technical committee meeting, Denver, CO (United States), 10 Apr 1995 (1995)
Steven M. Bellovin, Aviel D. Rubin, William R. Cheswick, Firewalls and Internet Security: Repelling the Wily Hacker (2003)
R. Atkinson, S. Kent, IP Encapsulating Security Payload (ESP), RFC 1827, pp. 1-12 (1995)
Richard W. Watson, Sandy A. Mamrak, Gaining efficiency in transport services by appropriate design and implementation choices, ACM Transactions on Computer Systems, vol. 5, pp. 97-120 (1987), 10.1145/13677.13678
V. Srinivasan, G. Varghese, S. Suri, M. Waldvogel, Fast and scalable layer four switching, ACM Special Interest Group on Data Communication, vol. 28, pp. 191-202 (1998), 10.1145/285237.285282
M. Bjorkman, P. Gunningberg, Performance modeling of multiprocessor implementations of protocols, IEEE/ACM Transactions on Networking, vol. 6, pp. 262-273 (1998), 10.1109/90.700890