
Modeling, Design And Analysis Of Firewall Switch For High Speed Networks

Posted on: 2005-11-16
Degree: Master
Type: Thesis
Country: China
Candidate: Dereje Yohannes
GTID: 2168360152469191
Subject: Computer application technology

Abstract/Summary:
Firewalls are one of the most commonly used security systems for protecting networks and hosts. Because firewalls offer a variety of features and services, the implementation of the system clearly depends on its underlying networking technologies. Among the different firewall architectures, a router-based packet-filtering firewall is the most common and effective way of protecting an enterprise network from unauthorized access. However, it will not work efficiently in an ATM network, because it requires the termination of end-to-end ATM connections at a packet-filtering router, which produces a huge SAR (Segmentation and Reassembly) overhead. Very few approaches to this problem have been proposed in previous years. In contrast to them, this research focuses on studying the limitations of the existing firewall switches and proposes solutions for their drawbacks.

Recently, ATLAS and other ATM firewall switches have been used to protect high-speed ATM networks from intruders, but these switches have the following limitations. They perform packet-level filtering at only OC-3c. To avoid SAR, they check only the first cell of each packet and make a pass-or-fail decision on it. They use a policy cache architecture to speed up the filtering operation: the core unit is a policy cache (CAM), and on a cache hit the packet's cells are forwarded. Otherwise, the first cell goes through a software-screening process while the other cells are buffered in a queue, which results in unwanted filtering delay. The switches do not accept IP packets with IP option fields, and in general they are not friendly for management and administration. In this dissertation we propose a new ATM firewall architecture that solves the stated limitations and other security patches, with 2.88 Gbites/sec throughput and better working performance.

The dissertation addresses the search for mechanisms that can provide firewall security services for high-speed networking technologies. We describe an architecture providing a high-speed access-control firewall service for ATM and IP-over-ATM networks. Most of the alternatives to our proposal focus on the efficiency of the access-control process according to the firewall model we depicted. Moreover, our proposal gives the security officer the ability to filter ATM traffic through access-control parameters such as QoS (Quality of Service).

In general, the dissertation explicitly describes the modeling, design and analysis of the firewall switch that we propose to fix the limitations of the existing packet-level filtering and ATLAS ATM firewall switches. Our work also provides a framework, in the form of a waterfall model, within which firewall systems and their components can be designed, analyzed and evaluated.
Keywords/Search Tags: Firewall, ATM, Router, Filtering, Packet, Segmentation, Reassembly