Building a High-Performance Unified Threat Management Appliance
Part II: Software Issues

by Mick Johnson
Sensory Networks

Multiple high-speed applications require a dedicated hardware co-processor

Keeping your network fast and secure is crucial to the success of your business. Who hasn't had their day ruined because the network was down, slow, infected or in the midst of repair? While the twin needs of speed and security are clearly important to all of us, the difficulty of providing both at the same time often escapes our attention. The security appliance market is experiencing three main drivers right now: devices must go faster, secure the network against more threats, and contain more functions. Integrated security appliances that target all three at once are commonly called unified threat management (UTM) appliances and, according to research groups such as In-Stat and IDC, have the highest growth rate in the security appliance market. However, satisfying the three market drivers is a complex task for appliance developers, with several key hardware and software issues to be solved.

The processing of network traffic can be divided into two core sub-tasks: collection and detection. Collection refers to capturing traffic from the wire, parsing packet headers, processing the network stack, discerning which sequences of bits make up packet payloads, re-injecting packets, and so on. Detection is the problem of taking those payloads and determining whether the packet or stream is malignant or benign.



analogZONE
(c) 2006. All rights reserved.