International Conference on Dependable Systems and Networks (DSN'06)
Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance
Philadelphia, Pennsylvania
June 25-June 28
ISBN: 0-7695-2607-1
Michael Ihde, University of Illinois at Urbana-Champaign
William H. Sanders, University of Illinois at Urbana-Champaign
This paper presents our experience validating the flood tolerance of two network interface card (NIC)-based embedded firewall solutions, the Embedded Firewall (EFW) and the Autonomic Distributed Firewall (ADF). Experiments were performed for both embedded firewall devices to determine their flood tolerance and performance characteristics. The results show that both are vulnerable to packet flood attacks on a 100 Mbps network. In certain configurations, we found that both embedded firewall devices can have a significant, negative impact on bandwidth and application performance. These results imply, first, that firewall rule-sets should be optimized for performance-sensitive applications, and second, that proper consideration must be given to attack risks and mitigations before either the EFW or ADF is deployed. Finally, we believe that future embedded firewall implementations should be vetted in a manner similar to that presented in this paper. Our experience shows that when their limitations are properly considered, both the EFW and ADF can be safely deployed to enhance network security without undue risk.
Citation:
Michael Ihde, William H. Sanders, "Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance," dsn, pp.209-216, International Conference on Dependable Systems and Networks (DSN'06), 2006