Sciweavers

DSN
2006
IEEE

Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance

14 years 4 months ago
Barbarians in the Gate: An Experimental Validation of NIC-based Distributed Firewall Performance and Flood Tolerance
This paper presents our experience validating the flood tolerance of two network interface card (NIC)-based embedded firewall solutions, the Embedded Firewall (EFW) and the Autonomic Distributed Firewall (ADF). Experiments were performed for both embedded firewall devices to determine their flood tolerance and performance characteristics. The results show that both are vulnerable to packet flood attacks on a 100 Mbps network. In certain configurations, we found that both embedded firewall devices can have a significant, negative impact on bandwidth and application performance. These results imply first that, firewall rule-sets should be optimized for performance-sensitive applications, and second, that proper consideration must be given to attack risks and mitigations before either the EFW or ADF is deployed. Finally, we believe that future embedded firewall implementations should be vetted in a manner similar to that presented in this paper. Our experience shows that when their limit...
Michael Ihde, William H. Sanders
Added 22 Aug 2010
Updated 22 Aug 2010
Type Conference
Year 2006
Where DSN
Authors Michael Ihde, William H. Sanders
Comments (0)