Firewall Network Processor™: basic concept and solutions (July 2003)


Slide 1: Firewall Network Processor™: basic concept and solutions. July 2003. FNP™ is a trademark of Fractel Incorporated.
(Title diagram labels: external perimeter of secure network, public Internet, SNMP data, transaction data, control commands.)

Slide 2: Content
- Introduction
- Network Processor: common aspects
- Network Processor: FNP architecture ("stealth" mode, performance, functionality)
- Conclusion

Slide 3: Introduction: distributed network concept and security aspects
Distributed network: an interconnected grid of paths without sharp boundaries between zones; the Internet is a superposition of overlay networks without a central or third-party control point.
Security aspects: all of them depend on the concept of trust, whether third-party or direct. Where are the boundaries of the trust?
(Diagram: superposition of overlay layers and networks, labelled Appl 1, Appl 2, ..., Appl i, ..., Appl n.)

Slide 4: Multilevel network environment and security problems
(Diagram: layers from channel structure and physical nodes, through the virtual grid, to packet processes and application processes. Threats annotated: virus attack, denial of service, intrusion, data corruption, hacking; "auth - u/a packets".)

Slide 5: Network security aspects: transit security and traffic regulation
(Diagram: network environment of nodes node 0, ..., node x, node x+1, ..., node M joined by a direct virtual channel; per hop: packet, physical link, bit speed, buffer, packet drops; TCP protocol and TCP application feedback over the virtual channel. Transit: packet control. Traffic: transport and application control.)

Slide 6: Tasks, technology, products
Tasks: communication, share info/apps, remote access, Internet presence
Technology: filtering, tunnelling, authentication, encryption, management
Products: firewall, anti-virus, VPN, PKI, security management

Slide 7: Security concept and basic components
Concept: multi-layer packet processing that retains the openness of the Internet's original design.
Basic components:
- an administrative solution, including VLANs, Access Control Lists and MAC locks
- a special network processor which separates data traffic and provides authentication and encryption

Slide 8: Network Processor: common aspects
Definition: NPs are programmable devices aimed generally at communication tasks and packet-specific data sets.
Challenge:
- What software architectures are effective for network tasks?
- Why do we need new functionality?
- What do network processors do?
Prototypes:
- Intel IXP 1200: a special chip which combines a high-speed core with a system bus and 6 programmable microengines.
- Interphase iNAV4000: a PCI chip which offers unparalleled features including packet processing and switching.

Slide 9: Basic types of hardware architecture
Legend: GPP = general purpose processor; CSI = common switch interface (packets); PHY = physical network interface (bytes).
(Diagram: three block layouts built from GPP, RAM, PHY, CSI and a system bus. Variant 1: NP as a co-processor on the system bus. Variant 2: NP inline between PHY/CSI and GPP/RAM. Variant 3: NP with its own RAM and DMAC on the data plane, GPP/RAM on the system bus as the control plane.)

Slide 10: FNP core
(Diagram: incoming traffic from the incoming interface(s) enters the FNP core; the core comprises a filtering module, a service module (logging, authorization, UI daemon), local storage, external storage and a cache hierarchy; outgoing traffic leaves via the outgoing interface(s). Measurement points 1 and 2 are annotated: S s =F( 2 ), S f =F( 2 ),  =F( 1, 2 ).)

Slide 11: NP: basic characteristics
- manipulate packet-specific data on Internet layers 2-4
- based on an open software interface
(Diagram axes: performance, openness, programmability.)
Target: deliver hardware-level performance of packet processing tasks in a software-programmable system.

Slide 12: Packet processing tasks
Tasks: parse, modify, forward, resolve, search.
Silicon design: limited flexibility, wire-speed performance.
Program design: limited performance, but new features can be added.

Slide 13: Firewall Network Processor (FNP)
Processing tasks:
- identifying a packet based on header characteristics (address, VC, protocol, etc.)
- forwarding or discarding a packet to the appropriate interface(s) according to security policy rules
Specific tasks ("stealth" mode):
- no modification (no updating of fields in the packet header)
- no scheduling (no queuing for a specific application)
- speed improvement through parallel processing (cluster) and pipeline processing (conveyor)

Slide 14: FNP specific design
- "stealth" mode for packet processing (no MAC or IP address on the PHY interfaces)
- "orthogonal" address spaces for control and data interfaces
- cluster architectures
- specific structure of buffer and cache memory (depends on the fractal nature of network traffic)
- multi-protocol IP/IPX scalable firewall solution
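The two slides above describe the FNP data path as a classifier: read layer 2-4 header fields, pick a forward/discard action from an ordered list of policy rules, and never write to the packet ("stealth" mode). The following is an added example written for this transcript, not Fractel's code; it shows that behaviour in software with a first-match rule list and a check that the frame bytes stay untouched. The rule format, the network ranges (a DMZ, a protected segment and a corporate range) and the sample frames are constructed assumptions for illustration.

```python
"""Added example: a minimal layer-2..4 'stealth' packet classifier.
Not the FNP's code; rule format, networks and frames are assumptions."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

ETH_HDR = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


@dataclass(frozen=True)
class PacketInfo:
    src_mac: str
    dst_mac: str
    ethertype: int
    src_ip: Optional[ipaddress.IPv4Address] = None
    dst_ip: Optional[ipaddress.IPv4Address] = None
    proto: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def parse(frame: bytes) -> PacketInfo:
    """Read header fields only: no field is rewritten (no NAT, no TTL decrement)."""
    if len(frame) < ETH_HDR:
        raise ValueError("truncated Ethernet header")
    dst_mac = frame[0:6].hex(":")
    src_mac = frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return PacketInfo(src_mac, dst_mac, ethertype)   # non-IP: L2 info only
    ip = frame[ETH_HDR:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                             # header length in bytes
    proto = ip[9]
    src_ip = ipaddress.IPv4Address(ip[12:16])
    dst_ip = ipaddress.IPv4Address(ip[16:20])
    sport = dport = None
    if proto in (PROTO_TCP, PROTO_UDP) and len(ip) >= ihl + 4:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return PacketInfo(src_mac, dst_mac, ethertype, src_ip, dst_ip, proto, sport, dport)


@dataclass(frozen=True)
class Rule:
    action: str                                  # "forward" or "discard"
    proto: Optional[int] = None
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    dst_port: Optional[int] = None

    def matches(self, p: PacketInfo) -> bool:
        if p.src_ip is None:                     # non-IP frames never match IP rules
            return False
        return ((self.proto is None or p.proto == self.proto)
                and (self.src is None or p.src_ip in self.src)
                and (self.dst is None or p.dst_ip in self.dst)
                and (self.dst_port is None or p.dst_port == self.dst_port))


def classify(frame: bytes, rules, default: str = "discard") -> str:
    """Ordered first-match lookup, as in an ACL; unmatched traffic gets the default."""
    p = parse(frame)
    for r in rules:
        if r.matches(p):
            return r.action
    return default


# Constructed segments (assumptions): DMZ, protected segment, corporate range.
DMZ = ipaddress.ip_network("10.0.0.0/24")
PROTECTED = ipaddress.ip_network("10.0.1.0/24")
CORP = ipaddress.ip_network("192.168.0.0/16")
RULES = [
    Rule("forward", proto=PROTO_TCP, dst=DMZ, dst_port=80),   # public web in the DMZ
    Rule("forward", proto=PROTO_TCP, src=CORP, dst=PROTECTED),  # corporate users only
    Rule("discard", dst=PROTECTED),                             # nobody else
]


def build_frame(src_ip: str, dst_ip: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed Ethernet/IPv4/L4 frame with a 20-byte L4 header stub."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + struct.pack("!HH", sport, dport) + bytes(16)


def demo() -> dict:
    """Classify constructed frames and verify the frame bytes are unchanged."""
    frames = {
        "internet to dmz web": build_frame("203.0.113.5", "10.0.0.10", PROTO_TCP, 40000, 80),
        "internet to protected ssh": build_frame("203.0.113.5", "10.0.1.20", PROTO_TCP, 40001, 22),
        "corp to protected ssh": build_frame("192.168.3.4", "10.0.1.20", PROTO_TCP, 40002, 22),
    }
    results = {}
    for name, frame in frames.items():
        before = bytes(frame)
        results[name] = classify(frame, RULES)
        assert frame == before                   # stealth: nothing rewritten
    return results


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

Rule order matters: the corporate-to-protected forward rule sits before the catch-all discard for the protected segment, which is how an ordered ACL expresses "this segment is closed except for these sources". The linear scan is also why slide 21 plots throughput against the number of rules; a hardware classifier exists to make that cost flat.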

Slide 15: Architecture for secure corporate network
(Diagram: an open network segment with web and database portals and DNS servers; a VPN segment with confidential catalogues and data.)

Slide 16: FNP-100 Security Platform
(Photo labels: 10/100 Ethernet port (control interface); 10/100 Ethernet ports for the LAN, DMZ and WAN (stealth-mode) interfaces; power switch.)

Slide 17: Stealth and control interfaces
(Diagram: Global Internet, ISP network, corporate router or backbone switch, DMZ with web server and application servers, protected network segment, corporate network. The FNP-100/4 has a control interface with a private IP address (RS232 or Ethernet) and stealth interfaces (no MAC and IP addresses); the admin WS reaches the control interface by modem dial-up access, terminal access or LAN access.)

Slide 18: FNP redundancy mode
(Diagram: a primary domain FNP-100/2 and a redundant domain FNP-100/2 run synchronization processes via their control interfaces over a control VPN or a trusted distinct network segment. Data path: ISP network, router or LAN backbone switches, access segment, backbone switches, corporate segments, protected servers and hosts, all via stealth interfaces. Control side: admin WS, NAS or IDS.)

Slide 19: FNP-1000 Cluster Platform
(Diagram: Global Internet; WDM access (1, ..., 4 modes); MUX or multi-Gigabit VLAN Ethernet splitter; a cluster of security appliances FNP-1000/ with stealth Gigabit Ethernet interfaces; access Gigabit VLAN switches; switched network infrastructure. Control interfaces on a distinct control network with admin WS, NAS or IDS and an internal network sensor; internal Ethernet 100BT switched infrastructure; an FNP-100/4S with stealth interfaces in front of the protected network segment.)

Slide 20: Multi-layer security conveyor
(Diagram: public Internet; external perimeter of secure network guarded by an FNP-100/2; common network elements: firewalls, VPN server, router, Ethernet switch, DNS, web server; inner perimeter of secure network guarded by an FNP-100/4; secure segment of corporate network: admin WS, info security server, computing cluster/IDS system, NAS server, network storage; corporate segments and users. Traffic types shown: SNMP data, transaction data, control commands.)

Slide 21: Performance characteristics
(Two charts comparing FNP with a PC: throughput (Mbps) vs packet size (bytes), and throughput (Mbps) vs number of rules.)

Slide 22: Conclusion
- Network Processor (NP): a new type of programmable device for network-specific applications
- FNP (Firewall NP): a scalable network device based on an open source OS, a standard PCI platform and "stealth" interfaces
- FNP can be viewed as a platform for a broad range of network appliances based on cluster architecture and multi-layer packet processing