Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for Entry- to Mid-level VPN

By Paul Stevens, Advantech

Network security has become a concern not only for large businesses, but also for medium-sized firms. As threats to the network grow more prevalent and destructive, medium-sized businesses need enhanced security for access control, user authentication, and attack protection. This enhanced security requires a leap in performance, particularly in VPN performance. VPN performance is critical due to the growing number of tunnels required to support remote access users, backhaul regional office connections or secure wireless access points. This is bad news for medium-sized businesses, which have typically been priced out of VPN acceleration and end up compromising on features and performance.

To address these needs, a new breed of platforms based on Intel's new EP80579 Integrated Processor delivers untouchable network security performance for at least half the price of previous platforms. With as much as 1600 Mbps of VPN throughput, they deliver a no-compromises approach to security for medium-sized business customers.

This article presents a technology overview of an Intel EP80579-based Network Application Platform design. It compares it with previous solutions and shows why the Intel EP80579 will remake the network appliance market. Finally, it reviews packet processing acceleration methodologies, and shows how to use these methodologies on the Intel EP80579 platform.

Intel EP80579-based Platform vs. 4-chip Solution

Let us begin by reviewing previous solutions. Until now, most entry- to mid-range network application platforms used a 4-chip solution. For example, Advantech's FWA-3700 uses:

- A 1.8GHz Intel Pentium M processor
- An Intel 915GM Graphics and Memory Controller Hub
- An Intel ICH6-M I/O Controller Hub
- An add-on PCI Crypto accelerator card for IPsec or SSL VPN solutions

This platform achieves a typical IPsec VPN throughput of 200 Mbps in a set-up using 256 byte packets and with 2048 IPsec VPN tunnels. However, at this throughput the CPU operates at 100% capacity and CPU power consumption is as high as 31W.

The Intel EP80579 Integrated Processor with Intel QuickAssist Technology replaces all three chips plus the accelerator card with a single System-on-a-Chip (SoC). This provides the following improvements:

- 2x improvement in cost
- 8x improvement in throughput
- 10x improvement in headroom
- 20% power savings
- 45% decrease in board space

Advantech's new Intel EP80579-based FWA-3240 platform (Figure 1) illustrates these advantages. Initial simulated results for this platform yield 1600Mbps of IPsec VPN throughput with as little as 10% CPU utilization, all with a power reduction of almost 20%. (The Intel EP80579-based FWA-3240 figures use the fast path model, while the 4-chip FWA-3700 uses the look-aside model. We describe both models later in this article.)

With the highly integrated Intel EP80579 SoC, security appliance OEMs can forgo specialized co-processors and dedicated security hardware while remaining cost-effective (as much as 50% reduction for an equivalent configuration) and extremely power-efficient. Board size also decreases by nearly 45 percent thanks to the reduced real-estate requirements of the Intel EP80579 SoC. Best of all, the SoC is backward code compatible with earlier Intel processors. Many security vendors already incorporate Intel x86 processors. These vendors can run existing software applications on the Intel EP80579 because it is backward code compatible with earlier Intel processors.

Figure 1 Advantech FWA-3240 System and Block Diagram

Intel EP80579 Architecture Overview

Let's take a closer look at the Intel EP80579 architecture to see what makes it so compelling. We'll focus in particular on the Acceleration layers.

As shown in Figure 2, the Intel EP80579 is a SoC integrating an Intel Architecture processor with memory and I/O controllers. It also has integrated Intel QuickAssist Technology, which provides acceleration of cryptographic and packet processing. The Intel EP80579 is priced at $54 to $95, and has a thermal design power (TDP) of 13 to 21 W. (Pricing and power depend on the speed grade.)

The four main components of the Intel EP80579 are as follows:

- The IA-32 core is based on the Intel Pentium M processor. It runs at MHz, with a 256 Kilobyte 2-way level 2 (L2) cache.
- The Integrated Memory Controller Hub (IMCH, sometimes known as the "north bridge") provides the main path to memory for the IA core and all peripherals that perform coherent I/O. Coherent I/O includes PCI Express, the IICH south bridge, as well as transactions from the Acceleration and I/O Complex to coherent memory.
- The Integrated I/O Controller Hub (IICH, sometimes known as the "south bridge") provides a set of PC-compatible I/O devices. These include two SATA 1.0/2.0 controllers, two USB 1.1/2.0 host controllers supporting two USB ports, and two compatible serial UART interfaces.
- The fourth and most significant component from a network appliance platform perspective is the Acceleration and I/O Complex (AIOC).

The AIOC includes the Intel QuickAssist Technology, which provides the following components:

- The Acceleration Services Unit (ASU) provides acceleration of packet processing for common protocols (IP Forwarding, IPsec) as well as a fast packet classification engine with support for firewall, NAT and IPsec based actions.
- The Security Services Unit (SSU) provides acceleration of common symmetric cryptography algorithms such as AES, 3DES, DES and RC4, as well as asymmetric algorithms like RSA, Diffie-Hellman and DSA. It supports message digest/hash functions such as MD5, SHA-1, SHA-2 and HMAC. It also supports true random number generation.

Other components within the Acceleration and I/O Complex include:

- Three Gigabit Ethernet (GbE) media access controllers (MACs).
- Three High Speed Serial (HSS) interfaces which support up to 12 T1/E1 TDM interfaces.

Although not shown explicitly in Figure 2, the AIOC also contains logic to allow agents to access on-chip SRAM and external DRAM. Based on BIOS configuration, this logic routes requests to external DRAM either directly to the memory controller, or through the Memory Controller Hub (MCH) for coherency with the IA processor's L2 cache. There is also a ring controller, which provides 64 rings (circular buffers) that can be used for message passing between software running on the IA core and firmware running on the ASU.

Figure 2 Key components of the Intel EP80579 Integrated Processor

Acceleration Models

Security software supports multiple usage models of the acceleration capability, called acceleration models. The supported models are look-aside, fast path, and inline.

Look-aside Model

Figure 3 illustrates the look-aside model. In the look-aside model, every packet goes directly from the Gigabit Ethernet MAC to the IA core. This model involves little or no acceleration of the packet processing. Once the IA core receives packets, it can send them to the SSU for cryptographic processing. The crypto functions include encryption, decryption, and authentication support for symmetric (bulk) and asymmetric (public/private key) algorithms. The IA core invokes these functions using an API that supports algorithm chaining. With chaining, a single call to the API carries out one cipher and one hash (in either order), thereby reducing the number of function calls and the associated latency.

Figure 3 Look-aside Model

The advantage of the look-aside model is its ease of implementation. Many vendors already use PCI-based crypto accelerator devices that rely on the look-aside model. Vendors can easily replace these PCI devices with the Intel EP80579's integrated security acceleration features. The downside of the look-aside model is that its lack of packet acceleration limits it to the low end of the SMB market.

Fast Path Model

The look-aside model does not scale well to gigabit rates on the single-core Intel EP80579, especially in the case of small packets. The CPU cycles required to process each packet, and to handle the interrupts associated with its arrival, constitute a serious bottleneck. The fast path acceleration model addresses this limitation by processing packets entirely in the fast path (that is, on the ASU) without ever sending the packet to the IA core. Figure 4 illustrates the logical system level view for a fast path configuration.

Figure 4 Fast Path Model

In Figure 4, one of the Gigabit ports connects to the external network and the other to the internal network. An IPsec acceleration engine sits between the Gigabit ports. The IPsec acceleration engine runs on the ASU and works with the crypto engine or SSU. It encrypts packets going into the external network on an IPsec VPN tunnel and decrypts packets coming from the external network on an IPsec VPN tunnel.

In a strict fast path model, all packets are processed entirely in the fast path, meaning that they enter the system and are processed (including IPsec processing, NAT processing, route lookup etc.) without ever interrupting the IA core. Therefore, this model allows scaling up to gigabit per second line rates.

Figure 4 does not show the Internet key exchange (IKE) processing. The IA core performs this processing, using the look-aside model to accelerate the public key cryptography required by the protocol. IKE processing is a relatively low-frequency event, so it does not significantly impact the scalability of the fast path model.

Inline Model

The inline model describes those cases where packets are sent to the IA core after an accelerator performs some amount of packet processing, cryptographic processing, or other accelerated processing. A typical example is the case where an SSL-encrypted TCP stream terminates on the host. In this scenario, accelerators handle the TCP processing, SSL record processing and cryptographic processing (including encryption/decryption and authentication) and send the plaintext stream to the host. This offloads a significant number of processing cycles from the OS stack, freeing up the IA core to do other things.

Figure 5 illustrates the inline acceleration model. The TCP/SSL engine implements TCP termination on the fast path. Denial-of-service (DoS) attack prevention mechanisms include the use of SYN cookies to prevent TCP SYN flood attacks. The TCP/SSL engine also provides a complete fast path implementation of SSL record processing. The SSL handshake is implemented on the IA core and uses the look-aside model to accelerate the cryptographic functions. Using the TCP/SSL engine, applications can implement transparent inline acceleration of an SSL VPN.

Figure 5 Inline Model

Combining the Models

Real-world applications typically combine the models above, through the creation of policies with appropriate actions dependent on matching a set of classifiers. For example, IPsec traffic may be handled using either the look-aside or fast path acceleration models:

- In the look-aside model, packets are routed to the IA core. A software IPsec implementation (such as Openswan) uses the Look-aside Crypto API to accelerate the encryption/decryption and authentication aspects of the protocol.
- In the fast path model, packets are routed through the fast path IPsec implementation. Only the first packet in the first flow of every tunnel will result in events to the IA core. These packets can be routed to an IKE stack to initiate security association negotiation.

IP forwarding can be done entirely in the fast path, as can simple firewall actions such as dropping, rejecting and TTL scrambling. TCP splicing can also be done in the fast path. TCP termination and SSL can be implemented using the inline acceleration model. Other traffic can be routed to the OS stack without any packet processing. Regardless of the model used, cryptographic operations can be accelerated using the Look-aside Crypto API.

Conclusion

The Intel EP80579 platform delivers performance without sacrificing programmability. It provides enough CPU margin to respond to dynamic threats whilst offering the capacity for additional value-added software services. This means that medium-sized businesses can now benefit from VPN acceleration without having to compromise on features and performance. Compared to past solutions, the Intel EP80579 offers dramatic improvements in cost, power, and board space, all while offering major advances in throughput and headroom. With all of these advantages, the Intel EP80579 is set to revolutionize the network appliance market.

Refs:

[1] The Intel EP80579 Software for Security Applications on Intel QuickAssist Technology Programmer's Guide.
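
The policy dispatch described under Combining the Models, modelled in C as an added example (not code from the article or from Intel's software). The action names, the single deny rule, the addresses, and the choice to drop tunnel packets while IKE is still negotiating are assumptions of this model.

```c
/* Added example: software model of policy dispatch across the acceleration
 * models. Names and addresses are hypothetical; this is not Intel's API. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { P_TCP = 6, P_UDP = 17, P_ESP = 50 };   /* IP protocol numbers */

enum action {
    ACT_FAST_FORWARD,  /* fast path: plain IP forwarding                */
    ACT_FAST_IPSEC,    /* fast path: IPsec processing, IA core not used */
    ACT_FAST_DROP,     /* fast path: firewall drop                      */
    ACT_INLINE_SSL,    /* inline: TCP/SSL engine, plaintext to the host */
    ACT_IA_IKE,        /* IA core: IKE stack, crypto via look-aside     */
    ACT_OS_STACK       /* OS stack, no accelerated packet processing    */
};
enum sa_state { SA_NONE, SA_NEGOTIATING, SA_READY };

struct tunnel { uint32_t net, mask, spi_in; enum sa_state sa; };
struct packet { uint32_t src, dst, spi; uint8_t proto; uint16_t dport; };
struct gateway {
    uint32_t self, deny_src;  /* own address; one firewall deny rule */
    struct tunnel tun[4];     /* remote protected subnets            */
    size_t ntun;
    unsigned ia_core_pkts;    /* packets that reached the IA core    */
};

static struct tunnel *tunnel_for_dst(struct gateway *gw, uint32_t dst)
{
    for (size_t i = 0; i < gw->ntun; i++)
        if ((dst & gw->tun[i].mask) == gw->tun[i].net)
            return &gw->tun[i];
    return NULL;
}

static bool inbound_sa_ready(const struct gateway *gw, uint32_t spi)
{
    for (size_t i = 0; i < gw->ntun; i++)
        if (gw->tun[i].sa == SA_READY && gw->tun[i].spi_in == spi)
            return true;
    return false;
}

/* Match classifiers in priority order and return the policy's action. */
enum action classify(struct gateway *gw, const struct packet *p)
{
    if (p->src == gw->deny_src)
        return ACT_FAST_DROP;
    if (p->dst == gw->self) {
        if (p->proto == P_UDP && (p->dport == 500 || p->dport == 4500)) {
            gw->ia_core_pkts++;        /* IKE (and NAT-T) runs on the IA core */
            return ACT_IA_IKE;
        }
        if (p->proto == P_ESP)         /* unknown SPI: drop, never decrypt */
            return inbound_sa_ready(gw, p->spi) ? ACT_FAST_IPSEC : ACT_FAST_DROP;
        if (p->proto == P_TCP && p->dport == 443)
            return ACT_INLINE_SSL;
        return ACT_OS_STACK;
    }
    struct tunnel *t = tunnel_for_dst(gw, p->dst);
    if (t == NULL)
        return ACT_FAST_FORWARD;
    if (t->sa == SA_READY)
        return ACT_FAST_IPSEC;
    if (t->sa == SA_NONE) {            /* first packet of the tunnel */
        t->sa = SA_NEGOTIATING;
        gw->ia_core_pkts++;
        return ACT_IA_IKE;
    }
    return ACT_FAST_DROP;  /* assumption: dropped while IKE is negotiating */
}

/* Called by the modelled IKE stack once negotiation succeeds. */
void install_sa(struct tunnel *t, uint32_t spi) { t->spi_in = spi; t->sa = SA_READY; }

/* Constructed: gateway 192.0.2.1, tunnel 198.51.100.0/24, deny 203.0.113.9. */
struct gateway sample_gateway(void)
{
    struct gateway gw = { .self = 0xC0000201u, .deny_src = 0xCB007109u, .ntun = 1 };
    gw.tun[0] = (struct tunnel){ .net = 0xC6336400u, .mask = 0xFFFFFF00u };
    return gw;
}

/* Send n packets into the tunnel; the SA is installed after the first one. */
unsigned ia_core_load(unsigned n)
{
    struct gateway gw = sample_gateway();
    struct packet p = { .src = 0x0A000005u, .dst = 0xC6336407u, .proto = P_TCP, .dport = 80 };
    for (unsigned i = 0; i < n; i++)
        if (classify(&gw, &p) == ACT_IA_IKE)
            install_sa(&gw.tun[0], 0x1001u);
    return gw.ia_core_pkts;
}

int main(void)
{
    printf("IA core packets per 100000 tunnel packets: %u\n", ia_core_load(100000));
    return 0;
}
```

In this model the IA core sees one packet per tunnel regardless of traffic volume, and inbound ESP with an SPI that matches no installed security association is dropped on the fast path rather than handed to the crypto engine.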


More information

Transport Level Security

Transport Level Security Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Introduction to Security and PIX Firewall

Introduction to Security and PIX Firewall Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network

More information

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355 VPN This chapter describes how to configure Virtual Private Networks (VPNs) that allow other sites and remote workers to access your network resources. It includes the following sections: About VPNs, page

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration

More information

NXP & Security Innovation Encryption for ARM MCUs

NXP & Security Innovation Encryption for ARM MCUs NXP & Security Innovation Encryption for ARM MCUs Presenters Gene Carter- International Product Manager, NXP Semiconductors Gene is responsible for marketing of the ARM7 and Cortex-M3 microcontrollers.

More information

The BANDIT Products in Virtual Private Networks

The BANDIT Products in Virtual Private Networks encor! enetworks TM Version A.1, March 2010 2010 Encore Networks, Inc. All rights reserved. The BANDIT Products in Virtual Private Networks One of the principal features of the BANDIT products is their

More information

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)

More information

Intel DPDK Boosts Server Appliance Performance White Paper

Intel DPDK Boosts Server Appliance Performance White Paper Intel DPDK Boosts Server Appliance Performance Intel DPDK Boosts Server Appliance Performance Introduction As network speeds increase to 40G and above, both in the enterprise and data center, the bottlenecks

More information

4 Delivers over 20,000 SSL connections per second (cps), which

4 Delivers over 20,000 SSL connections per second (cps), which April 21 Commissioned by Radware, Ltd Radware AppDirector x8 and x16 Application Switches Performance Evaluation versus F5 Networks BIG-IP 16 and 36 Premise & Introduction Test Highlights 1 Next-generation

More information

As enterprises conduct more and more

As enterprises conduct more and more Efficiently handling SSL transactions is one cornerstone of your IT security infrastructure. Do you know how the protocol actually works? Wesley Chou Inside SSL: The Secure Sockets Layer Protocol Inside

More information

- Introduction to PIX/ASA Firewalls -

- Introduction to PIX/ASA Firewalls - 1 Cisco Security Appliances - Introduction to PIX/ASA Firewalls - Both Cisco routers and multilayer switches support the IOS firewall set, which provides security functionality. Additionally, Cisco offers

More information

Cisco Wireless Security Gateway R2

Cisco Wireless Security Gateway R2 Cisco Wireless Security Gateway R2 Product Overview The Cisco Wireless Security Gateway (WSG) is a highly scalable solution for tunneling femtocell, Unlicensed Mobile Access (UMA)/Generic Access Network

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Fundamental Principles of a Secure Network

More information

Secure SCTP against DoS Attacks in Wireless Internet

Secure SCTP against DoS Attacks in Wireless Internet Secure SCTP against DoS Attacks in Wireless Internet Inwhee Joe College of Information and Communications Hanyang University Seoul, Korea iwjoe@hanyang.ac.kr Abstract. The Stream Control Transport Protocol

More information

Intel Network Builders: Lanner and Intel Building the Best Network Security Platforms

Intel Network Builders: Lanner and Intel Building the Best Network Security Platforms Solution Brief Intel Xeon Processors Lanner Intel Network Builders: Lanner and Intel Building the Best Network Security Platforms Internet usage continues to rapidly expand and evolve, and with it network

More information

Understand Electronic-Meter Design to Better Craft Intelligent and Secure Systems

Understand Electronic-Meter Design to Better Craft Intelligent and Secure Systems Understand Electronic-Meter Design to Better Craft Intelligent and Secure Systems driving trust Author, INSIDE Secure As more utility companies install smart electric and other types of utility meters

More information

Communication Systems SSL

Communication Systems SSL Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security

More information

AppDirector Load balancing IBM Websphere and AppXcel

AppDirector Load balancing IBM Websphere and AppXcel TESTING & INTEGRATION GROUP SOLUTION GUIDE AppDirector Load balancing IBM Websphere and AppXcel INTRODUCTION...2 RADWARE APPDIRECTOR...3 RADWARE APPXCEL...3 IBM WEBSPHERE...4 SOLUTION DETAILS...4 HOW IT

More information

Branch Office VPN Tunnels and Mobile VPN

Branch Office VPN Tunnels and Mobile VPN WatchGuard Certified Training Branch Office VPN Tunnels and Mobile VPN Fireware XTM and WatchGuard System Manager v11.7 Revised: January 2013 Updated for: Fireware XTM v11.7 Notice to Users Information

More information

ALL-AIO-2321P ZERO CLIENT

ALL-AIO-2321P ZERO CLIENT ALL-AIO-2321P ZERO CLIENT PCoIP AIO Zero Client The PCoIPTM technology is designed to deliver a user s desktop from a centralized host PC or server with an immaculate, uncompromised end user experience

More information

Summary of Results. NGINX SSL Performance

Summary of Results. NGINX SSL Performance NGINX SSL NGINX is commonly used to terminate encrypted SSL and TLS connections on behalf of upstream web and application servers. SSL termination at the edge of an application reduces the load on internal

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Gigabit Multi-Homing VPN Security Router

Gigabit Multi-Homing VPN Security Router Gigabit Multi-Homing VPN Security Router Physical Port 1~2 x 10/100/1000 Base-T RJ-45, configurable with LAN 1 (Mirror Port) 3~4 x 10/100/1000 Base-T RJ-45, configurable with WAN 4 (WAN 4 / LAN2 / DMZ)

More information

Cyber Security Practical considerations for implementing IEC 62351

Cyber Security Practical considerations for implementing IEC 62351 1. Introduction Cyber Security Practical considerations for implementing IEC 62351 Frank Hohlbaum, Markus Braendle, Fernando Alvarez ABB frank.hohlbaum@ch.abb.com Switzerland Two trends are currently changing

More information

SonicWALL Advantages Over WatchGuard

SonicWALL Advantages Over WatchGuard Competitive Analysis August 2001 WatchGuard SOHO - Product Overview WatchGuard Technologies extended its product offerings to the fast-growing broadband market through the acquisition of BeadleNet, LLC,

More information

Communication Security for Applications

Communication Security for Applications Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer

More information

IPsec Details 1 / 43. IPsec Details

IPsec Details 1 / 43. IPsec Details Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS

More information

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004 ZyWALL 5 Internet Security Appliance Quick Start Guide Version 3.62 (XD.0) May 2004 Introducing the ZyWALL The ZyWALL 5 is the ideal secure gateway for all data passing between the Internet and the LAN.

More information

Am186ER/Am188ER AMD Continues 16-bit Innovation

Am186ER/Am188ER AMD Continues 16-bit Innovation Am186ER/Am188ER AMD Continues 16-bit Innovation 386-Class Performance, Enhanced System Integration, and Built-in SRAM Problem with External RAM All embedded systems require RAM Low density SRAM moving

More information

Increasing Performance in Network Storage with Multi-Processors and High-Speed I/O

Increasing Performance in Network Storage with Multi-Processors and High-Speed I/O WHITE PAPER BCM1250 Increasing Performance in Network Storage with Multi-Processors and High-Speed I/O 1250-WP100-R 16215 Alton Parkway P.O. Box 57013 Irvine, California 92619-7013 Phone: 949-450-8700

More information

Cisco Application Networking for IBM WebSphere

Cisco Application Networking for IBM WebSphere Cisco Application Networking for IBM WebSphere Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

Putting it on the NIC: A Case Study on application offloading to a Network Interface Card (NIC)

Putting it on the NIC: A Case Study on application offloading to a Network Interface Card (NIC) This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE CCNC 2006 proceedings. Putting it on the NIC: A Case Study on application

More information

Boosting Data Transfer with TCP Offload Engine Technology

Boosting Data Transfer with TCP Offload Engine Technology Boosting Data Transfer with TCP Offload Engine Technology on Ninth-Generation Dell PowerEdge Servers TCP/IP Offload Engine () technology makes its debut in the ninth generation of Dell PowerEdge servers,

More information

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security

More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication

More information

STM32 F-2 series High-performance Cortex-M3 MCUs

STM32 F-2 series High-performance Cortex-M3 MCUs STM32 F-2 series High-performance Cortex-M3 MCUs STMicroelectronics 32-bit microcontrollers, 120 MHz/150 DMIPS with ART Accelerator TM and advanced peripherals www.st.com/mcu STM32 F-2 series The STM32

More information

Networking Goes Open-Source. Michael Zimmerman VP Marketing, Tilera mzimmerman@tilera.com

Networking Goes Open-Source. Michael Zimmerman VP Marketing, Tilera mzimmerman@tilera.com Networking Goes Open-Source Michael Zimmerman VP Marketing, Tilera mzimmerman@tilera.com Open Server Summit, October 23, 2013 Networking Goes Open-Source ? Networking Goes Open-Source Are they connected

More information

Vallisha Keshavamurthy and Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Buffalo, NY 14260 {vallisha,shambhu}@buffalo.

Vallisha Keshavamurthy and Shambhu Upadhyaya Computer Science and Engineering University at Buffalo Buffalo, NY 14260 {vallisha,shambhu}@buffalo. Accelerated Processing of Secure Email by Exploiting Built-in Security Features on the Intel EP80579 Integrated Processor with Intel QuickAssist Technology Vallisha Keshavamurthy and Shambhu Upadhyaya

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

FIPS 140-2 Security Policy 3Com Embedded Firewall PCI Cards

FIPS 140-2 Security Policy 3Com Embedded Firewall PCI Cards FIPS 140-2 Security Policy 3Com Embedded Firewall PCI Cards 3Com Corporation 5403 Betsy Ross Drive Santa Clara, CA 95054 USA February 24, 2006 Revision Version 0.4 Page 1 of 15 1. Introduction The following

More information

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server

More information