Barbarians in the gate: An experimental validation of NIC-based distributed firewall performance and flood tolerance

Michael Ihde, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This paper presents our experience validating the flood tolerance of two network interface card (NIC)-based embedded firewall solutions, the Embedded Firewall (EFW) and the Autonomic Distributed Firewall (ADF). Experiments were performed for both embedded firewall devices to determine their flood tolerance and performance characteristics. The results show that both are vulnerable to packet flood attacks on a 100 Mbps network. In certain configurations, we found that both embedded firewall devices can have a significant, negative impact on bandwidth and application performance. These results imply first that, firewall rule-sets should be optimized for performance-sensitive applications, and second, that proper consideration must be given to attack risks and mitigations before either the EFW or ADF is deployed. Finally, we believe that future embedded firewall implementations should be vetted in a manner similar to that presented in this paper. Our experience shows that when their limitations are properly considered, both the EFW and ADF can be safely deployed to enhance network security without undue risk.

Original languageEnglish (US)
Title of host publicationProceedings - DSN 2006
Subtitle of host publication2006 International Conference on Dependable Systems and Networks
Pages209-214
Number of pages6
DOIs
StatePublished - 2006
Externally publishedYes
EventDSN 2006: 2006 International Conference on Dependable Systems and Networks - Philadelphia, PA, United States
Duration: Jun 25 2006Jun 28 2006

Publication series

NameProceedings of the International Conference on Dependable Systems and Networks
Volume2006

Other

OtherDSN 2006: 2006 International Conference on Dependable Systems and Networks
Country/TerritoryUnited States
CityPhiladelphia, PA
Period6/25/066/28/06

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Barbarians in the gate: An experimental validation of NIC-based distributed firewall performance and flood tolerance'. Together they form a unique fingerprint.

Cite this