skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Integrated Scalable Parallel Firewall and Intrusion Detection System for High-Speed Networks

Abstract

This project developed a new scalable network firewall and Intrusion Protection System (IPS) that can manage increasing traffic loads, higher network speeds, and strict Quality of Service (QoS) requirements. This new approach provides a strong foundation for next-generation network security technologies and products that address growing and unmet needs in the government and corporate sectors by delivering Optimal Network Security. Controlling access is an essential task for securing networks that are vital to private industry, government agencies, and the military. This access can be granted or denied based on the packet header or payload contents. For example, a simple network firewall enforces a security policy by inspecting and filtering the packet headers. As a complement to the firewall, an Intrusion Detection System (IDS) inspects the packet payload for known threat signatures; for example, virus or worm. Similar to a firewall policy, IDS policies consist of multiple rules that specify an action for matching packets. Each rule can specify different items, such as the signature contents and the signature location within the payload. When the firewall and IDS are merged into one device, the resulting system is referred to as an Intrusion Protection System (IPS), which provides both packet header andmore » payload inspections. Having both types of inspections is very desirable and more manageable in a single device.« less

Authors:
; ;
Publication Date:
Research Org.:
GreatWall Systems, Inc.
Sponsoring Org.:
USDOE Office of Energy Research (ER)/Chicago Office/ACQ
OSTI Identifier:
963374
DOE Contract Number:  
FG02-06ER86274
Resource Type:
Technical Report
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; Highly-Scalable Firewall, Intrusion Detection, Intrusion Prevention

Citation Formats

Fulp, Errin W, Anderson, Robert E, and Ahn, David K. Integrated Scalable Parallel Firewall and Intrusion Detection System for High-Speed Networks. United States: N. p., 2009. Web.
Fulp, Errin W, Anderson, Robert E, & Ahn, David K. Integrated Scalable Parallel Firewall and Intrusion Detection System for High-Speed Networks. United States.
Fulp, Errin W, Anderson, Robert E, and Ahn, David K. Mon . "Integrated Scalable Parallel Firewall and Intrusion Detection System for High-Speed Networks". United States. doi:.
@article{osti_963374,
title = {Integrated Scalable Parallel Firewall and Intrusion Detection System for High-Speed Networks},
author = {Fulp, Errin W and Anderson, Robert E and Ahn, David K},
abstractNote = {This project developed a new scalable network firewall and Intrusion Protection System (IPS) that can manage increasing traffic loads, higher network speeds, and strict Quality of Service (QoS) requirements. This new approach provides a strong foundation for next-generation network security technologies and products that address growing and unmet needs in the government and corporate sectors by delivering Optimal Network Security. Controlling access is an essential task for securing networks that are vital to private industry, government agencies, and the military. This access can be granted or denied based on the packet header or payload contents. For example, a simple network firewall enforces a security policy by inspecting and filtering the packet headers. As a complement to the firewall, an Intrusion Detection System (IDS) inspects the packet payload for known threat signatures; for example, virus or worm. Similar to a firewall policy, IDS policies consist of multiple rules that specify an action for matching packets. Each rule can specify different items, such as the signature contents and the signature location within the payload. When the firewall and IDS are merged into one device, the resulting system is referred to as an Intrusion Protection System (IPS), which provides both packet header and payload inspections. Having both types of inspections is very desirable and more manageable in a single device.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Mon Aug 31 00:00:00 EDT 2009},
month = {Mon Aug 31 00:00:00 EDT 2009}
}

Technical Report:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that may hold this item. Keep in mind that many technical reports are not cataloged in WorldCat.

Save / Share: