Abstract | ||
---|---|---|
This paper proposes a scalable and high available (HA) architecture for implementing cost effective security switches. In this architecture, each "security switch" consists of a traditional layer-2 switch and a "security switch engine (SSE)" which provides packet content inspection service. These two components are connected via a Gigabit Ethernet link. A mechanism is proposed to interconnect a group of "security switches" to provide the HA feature. A system of four security switches is implemented and the experimental results show that the HA function works successfully even only one SSE is active. The SSE is implemented with full intrusion prevention function on a standard high performance Industrial PC with the performance of 1.2Gbps for UDP packets and 400Mbps for TCP flows. Therefore the proposed security switch architecture can be realized in a very cost effective mechanism to provide Intranet protection. Index terms: Defense-in-Depth, Intrusion Prevention, High Availability (HA), Security Switch |
Year | DOI | Venue |
---|---|---|
2006 | 10.1109/ICC.2006.255119 | 2006 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-12 |
Keywords | Field | DocType |
inspection,cost effectiveness,intrusion prevention,computer architecture,switches,intrusion detection,packet switching,high availability,layer 2,national security | Deep content inspection,Computer science,Industrial PC,Intranet,Network packet,Computer network,Gigabit Ethernet,Packet switching,Intrusion detection system,Scalability,Embedded system | Conference |
ISSN | Citations | PageRank |
1550-3607 | 0 | 0.34 |
References | Authors | |
1 | 7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Nen-Fu Huang | 1 | 620 | 72.93 |
Chih-Hao Chen | 2 | 0 | 0.34 |
Yuang-Fang Huang | 3 | 0 | 0.68 |
Yi-hsuan Feng | 4 | 11 | 2.54 |
Chia-Nan Kao | 5 | 74 | 8.20 |
Hsien-Wei Hung | 6 | 34 | 4.42 |
Ming-Chang Shih | 7 | 1 | 2.05 |