IMPLEMENTATION OF FPGA CARD IN CONTENT FILTERING SOLUTIONS FOR SECURING COMPUTER NETWORKS. Received May 2010; accepted July 2010
|
|
|
- Aubrie Benson
- 10 years ago
- Views:
Transcription
1 ICIC Express Letters Part B: Applications ICIC International c 2010 ISSN Volume 1, Number 1, September 2010 pp IMPLEMENTATION OF FPGA CARD IN CONTENT FILTERING SOLUTIONS FOR SECURING COMPUTER NETWORKS Youngran Hong 1 and Dongsoo Kim 2, 1 Research Management Office, SOMANSA Co., Ltd. 1,2 Department of Industrial and Information Systems Engineering Soongsil University 511 Sangdo-Dong, Dongjak-Gu, Seoul, Korea [email protected] Corresponding author: [email protected] Received May 2010; accepted July 2010 Abstract. The organizations in network-advanced countries confront the problem in real-time data processing because the processing capacity in IT security solutions is under 300 Mbps but network traffic is over 1 Gbps. Up to now, most IT security solutions have been implemented as software type, but they are not considered as an appropriate alternative of processing packets in the mass traffic anymore. Especially, though IT security solutions should catch all the packets on the network, they may lose some important packets related with data security for their software type. This phenomenon results in the low reliability in data security. Recently, FPGA (Field Programmable Gate Array) cards have been emerged as an alternative in this area. The FPGA, which has been used in the semiconductor manufacturing industry, is used in IT security domain due to low production costs and high performance of data processing in mass traffic. This paper presents a hardware type implementation using FPGA in the content filtering solution to treat mass packets. Also, the result of experiment in the proposed system is introduced. The results are that the performance of the processing packets of this new method is much faster than that of the software type in almost three times. Keywords: FPGA card, Content filtering, Mass packets, IT security 1. Introduction. As the speed of network has become faster than ever before, it is necessary to support the mass traffic (almost 1 Gbps) capacity for data processing in IT solution industry. Especially, because IT security solution analyzes the packets for protecting data from being leaked and avoiding security threats [8], it is important to treat packets in the mass traffic environment. In this paper, we focus on content filtering solutions in comparing the rate of losing packets between software type and hardware type solution. As a content filtering solution monitors the inbound packets through the network and blocks the malware or useless web URLs by shooting the reset packets based on the rules or the policies, it is very important not to lose packets and to analyze them correctly and timely. Up to recently, most of the content filtering solutions have been implemented as software. Generally, it is good to develop content filtering solutions as software, because it is easy to design and implement. However, the software type has some problems in the business, nowadays. First of all, they have a limitation in their ability of processing mass packets on the fast network. They can treat packets till 300 Mbps to the maximum. If the software type is adopted on the 1 Gbps traffic devices, the packet loss rate would be over 60%. Although the content filtering solutions have to prevent the internal data from being leaked in the way of connecting with the malware, the software type does not have enough capacity to process mass packets. If the solution can protect and block 71
2 72 Y. HONG AND D. KIM suspicious web URLs in advance, it can secure the internal server stability and reduce the IT infrastructure costs like a burden of the web firewall. With these backgrounds, it is necessary to implement the best applications which use the various and abundant resource of software by processing mass packets in real-time. The stable hardware such as FPGA (Field Programmable Gate Array) card can be one of them. In this research, we present FPGA card adopted in a content filtering solution to overcome the problems of the software type in packet filtering. In addition, we evaluated the performance of this new method. We compared the performances of processing mass packets by using software type and FPGA card. It has been proved that the FPGA card can solve the limitations of the software type solution including packet loss problem. 2. Related Work. FPGA is an array technology by which an engineer can implement the circuit in the semiconductor chip. It can be designed and implemented by programming the device directly in the industrial field without requesting it to the semiconductor manufacturing companies [3]. The gate array is a kind of ASIC (Application Specific Integrated Circuit) device. Accordingly, the internal structure of the FPGA is similar to the ASIC gate array. Once the FPGA is fixed in the design, it can be produced as permanent chips loaded in the permanent electric circuits [1]. Today s FPGAs have evolved far beyond the basic capabilities presented in their predecessors, and they incorporate hard (ASIC type) blocks of commonly used functionality such as RAM, clock management and DSP. Following are the basic components of an FPGA [6]. Configurable Logic Block (CLBs) is the basic logic unit in an FPGA. Interconnect is the second basic component. While the CLB provides the logic capability, flexible interconnect routing routes the signals between CLBs and to and from I/Os. Select I/O (IOBs) is the third basic component. I/O in FPGAs is grouped in banks, which are independently able to support different I/O standards. The forth component is Memory. Embedded Block RAM memory is available in FPGAs. The fifth is Complete Clock Management. Digital clock management is provided by most FPGAs in the industry. Due to their programmable nature, FPGAs are an ideal fit for many industries: aerospace & defense, automotive, broadcast, consumer, industrial/scientific/medical, storage & server, wireless communications and wired communications and so on [6]. This paper focuses on the storage & server industry, especially the data processing solutions for the Network Attached Storage (NAS), Storage Area Network (SAN), servers and storage appliances [5]. The FPGA is being adopted in order to achieve the high performance and low costs in the storage & server part. Looking into Figure 1, we can understand how to achieve the high performance and how to reduce the costs by implementing the FPGA in the content filtering solution. The software type content filtering solution is dependent on the servers and the programming languages in the processing packets and in logging data I/O. However, once it is implemented in the FPGA card, the packet processing problems such as hang-data and I/O data packet loss can be solved, for it can guarantee processing mass packet stably up to the implemented chip-typed capacity as a processing packet form [2]. Content filtering is a technique whereby contents are blocked or allowed based on the results of content analysis, rather than the source or other criteria. It is widely used to filter s and web accesses on the Internet [3]. In this paper, we focus on the web access part. Content filtering solutions are usually used to prevent computer users from viewing inappropriate web sites or contents in organizations such as offices and schools, or they can be used as a pre-emptive security measure to prevent access to known malware hosts. Filtering rules are typically set by a central IT department and may be implemented via software on individual computers or at a central point on the network such as a proxy server or an Internet router. Depending on the sophistication of the system used, it may be possible for different computer users to have different levels of the Internet access [9].
3 ICIC EXPRESS LETTERS, PART B: APPLICATIONS, VOL.1, NO.1, Figure 1. Block diagram of FPGA in content filtering solution Common content filtering methods include the following techniques. Attachment method blocks certain types of files (e.g. executable programs). Bayesian, char-set, content encoding, heuristic method is a filtering based on heuristic scoring of the content according to multiple criteria and it depends on the contextual technology. HTML anomalies, language, mail header method is a filtering based solely on the analysis of headers, but it is less effective due to the ease of message header forgery. Mailing list method is used to detect mailing list messages and file them in appropriate folders. Phrases method is a filtering based on detecting phrases in the content text. Proximity method is a filtering based on detecting words or phrases when used in proximity, but it has high rate of false positive errors. Regular expression method is a filtering based on rules written as regular expressions. URL method is a filtering based on the URL and suitable for blocking websites or sections of websites. Most content filtering solutions combines of these techniques [1]. Among the common content filtering methods, most of the software type solutions are based on the URL based filtering method, and they are used in the B2B markets. These solutions monitor the internal employees web access in the network level. Therefore, it is classified as a network security system. 3. Architecture and Implementation of FPGA Card. This section presents the architecture of the FPGA card and content filtering solution implemented based on the FPGA card. The FPGA card contains some functions of software type security solutions as a hardware chip-type solution and it is loaded onto the server as shown in Figure 1. We can see the interaction between a PCI-e Card (a kind of FPGA card) and a CPU. This has been designed in order to increase the availability of the CPU. It is noteworthy to adopt Giga MAC to deal with the Packet Processing Engine. The driver in the CPU is used for the high performance with the purpose of reducing the burden in general CPU. In the case that the high performance driver is used for processing mass packets in software type, the software engine is stopped because of the hang packets in the CPU [4]. Figure 2 shows the logical diagram designed as IS 2320/2321 in the FPGA card, Port and Channel. In the IS 2320/2321, the number of ports of a card is 2(0, 1), while that
4 74 Y. HONG AND D. KIM of the channel is 1(0, 0). We can design the same logic diagram according to the IS 2420/2421, which has 1 port (0, 0) and two channels (0, 1) for the duplex configuration [4,7]. Figure 2. Logical diagram in FPGA for processing packets in IS 2320/2321 Figure 3 shows how the FPGA card processes the mass packets. In the software type solution, all the input packets are transferred to the content filtering engine on the HOST computer by the general Network Interface Card (NIC). It triggers the full-buffering and results in the packets dropped. Consequently, the resource is being consumed for handling packets in O/S. However, in the FPGA card, the input packets are processed in the card in advance, and the selected meaningful packets are transferred to the engine. It is a DMA (Direct Memory Access) method, and therefore it can process packets in real-time instead of handling packets in O/S [9]. Figure 3. Comparison of NIC and FPGA card packet processing method 4. Performance Evaluation. In order to evaluate the performance of the proposed method, we established a test environment. SQL server is used for logging the database. The specification of the used system is Xeon Quad 2 GHz 2, 4 GB RAM, 150 GB 5400 rpm HDD. Under this environment, the packets have been pumped and input to the FPGA card. The packet input ranges 100 Mbps 1 Gbps. Figure 4 shows the flow of the packet processing through the FPGA Card [4]. The FPGA card is covering all the packet processing procedures from the TCP filtering to the content type filtering. It is necessary to make only the content filtering engine being a FPGA card, for there are irregular patterns or newly generated URL should be updated frequently in the content filtering solutions.
5 ICIC EXPRESS LETTERS, PART B: APPLICATIONS, VOL.1, NO.1, Figure 4. Flow of packet filtering processed by FPGA Figure 5 shows the results of the performance evaluation. The FPGA card proposed in this paper does not show any packet loss whereas general NIC starts its packet loss from 300 Mbps. Also, our method shows low CPU usage rate compared with the general NIC. The results of this experiment show that the FPGA card can be used as an alternative for solving the packet loss problem in mass traffic network. However, there are some limitations of this study in applying the results to the real network service environment. First of all, the test environment depends on the simple content filtering engine. If the packet processing engine can be implemented more complicatedly, for example, if it supports not only dealing with the URL method but also Heuristic or Proximity method, the usage rates in CPU and memory would be increased. Figure 5. Result of performance evaluation 5. Conclusions. We implemented the FPGA card for improving the performance of processing packets on the mass traffic network like 1 Gbps. As the results of performance evaluation showed, we conclude that the FPGA card should be blended into the content filtering solutions to overcome the limitations of software type security solutions. We believe that it is meaningful to propose an alternative such as the FPGA card based hardware-centric implementation method in order to solve the mass traffic problems in the ubiquitous networked society. The range of the implementation in this experience was limited to the filtering engine for processing packets in the content filtering solutions. In the future, this kind of FPGA implementation is expected to be adopted in the other IT security parts such as filtering and DB access control area in order to make the packet and data processing speed higher and more efficient.
6 76 Y. HONG AND D. KIM REFERENCES [1] [2] J. Luo, J. B. Bernstein, J. A. Tuchman, H. Huang, K.-J. Chung and A. L. Wilson, A high performance radiation-hard field programmable analog array, Proc. of the 5th International Symposium on Quality Electronic Design, pp , [3] gate array. [4] I. Choi, Development of network based content security & data leakage prevention solution in BcN network, IITA, pp.33-45, [5] K. Sridharan and P. R. Kumar, Robotic Exploration and Landmark Determination: Hardwareefficient Algorithms and FPGA Implementations, Springer, [6] P. P. Chu, FPGA Prototyping by Verilog Examples: Xilinx Spartan-3 Version, Wiley-Interscience, [7] C. Maxfield, FPGAs: Instant Access, Newnes, [8] J. Ye, B. Fang, Y. Zhang and Z. Tian, A quantitative method for evaluating the security threats of grid system to tasks, International Journal of Innovative Computing, Information and Control, vol.5, no.4, pp , [9] D. Shin and H. Yang, Design and implementation of an intrusion detection system based on outflow traffic analysis, Journal of Korea Contents Association, vol.9, no.4, pp , 2004.
P2P Traffic Manager. L7 Internet Security. IP Appliance Products
IP Appliance Products P2P Traffic Manager L7 Internet Security Headquarter 13 Fl., Eunsung Bldg., 53-8 Cheongdamdong Kangnamgu Seoul, Korea 135-763 Tel +822-3446-6070 Fax +822-3445-9099 R&D Center 34 Gajeongdong,
Index Terms Domain name, Firewall, Packet, Phishing, URL.
BDD for Implementation of Packet Filter Firewall and Detecting Phishing Websites Naresh Shende Vidyalankar Institute of Technology Prof. S. K. Shinde Lokmanya Tilak College of Engineering Abstract Packet
Exploiting Stateful Inspection of Network Security in Reconfigurable Hardware
Exploiting Stateful Inspection of Network Security in Reconfigurable Hardware Shaomeng Li, Jim Tørresen, Oddvar Søråsen Department of Informatics University of Oslo N-0316 Oslo, Norway {shaomenl, jimtoer,
Networking Virtualization Using FPGAs
Networking Virtualization Using FPGAs Russell Tessier, Deepak Unnikrishnan, Dong Yin, and Lixin Gao Reconfigurable Computing Group Department of Electrical and Computer Engineering University of Massachusetts,
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity
NIOS II Based Embedded Web Server Development for Networking Applications
NIOS II Based Embedded Web Server Development for Networking Applications 1 Sheetal Bhoyar, 2 Dr. D. V. Padole 1 Research Scholar, G. H. Raisoni College of Engineering, Nagpur, India 2 Professor, G. H.
Best Practises for LabVIEW FPGA Design Flow. uk.ni.com ireland.ni.com
Best Practises for LabVIEW FPGA Design Flow 1 Agenda Overall Application Design Flow Host, Real-Time and FPGA LabVIEW FPGA Architecture Development FPGA Design Flow Common FPGA Architectures Testing and
NEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis
9/14/2011 14.9.2011 8:38
Algorithms and Implementation Platforms for Wireless Communications TLT-9706/ TKT-9636 (Seminar Course) BASICS OF FIELD PROGRAMMABLE GATE ARRAYS Waqar Hussain [email protected] Department of Computer
7a. System-on-chip design and prototyping platforms
7a. System-on-chip design and prototyping platforms Labros Bisdounis, Ph.D. Department of Computer and Communication Engineering 1 What is System-on-Chip (SoC)? System-on-chip is an integrated circuit
QoS & Traffic Management
QoS & Traffic Management Advanced Features for Managing Application Performance and Achieving End-to-End Quality of Service in Data Center and Cloud Computing Environments using Chelsio T4 Adapters Chelsio
Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.
RimApp RoadBLOCK goes beyond simple filtering! Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. However, traditional
REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.1.0.XXX Requirements and Implementation Guide (Rev 4-10209) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis Training Series
TEPZZ 96 A_T EP 2 961 111 A1 (19) (11) EP 2 961 111 A1. (12) EUROPEAN PATENT APPLICATION published in accordance with Art.
(19) TEPZZ 96 A_T (11) EP 2 961 111 A1 (12) EUROPEAN PATENT APPLICATION published in accordance with Art. 13(4) EPC (43) Date of publication:.12.1 Bulletin 1/3 (21) Application number: 147426.7 (22) Date
Lesson 7: SYSTEM-ON. SoC) AND USE OF VLSI CIRCUIT DESIGN TECHNOLOGY. Chapter-1L07: "Embedded Systems - ", Raj Kamal, Publs.: McGraw-Hill Education
Lesson 7: SYSTEM-ON ON-CHIP (SoC( SoC) AND USE OF VLSI CIRCUIT DESIGN TECHNOLOGY 1 VLSI chip Integration of high-level components Possess gate-level sophistication in circuits above that of the counter,
Seeking Opportunities for Hardware Acceleration in Big Data Analytics
Seeking Opportunities for Hardware Acceleration in Big Data Analytics Paul Chow High-Performance Reconfigurable Computing Group Department of Electrical and Computer Engineering University of Toronto Who
How To Fix A Fault Notification On A Network Security Platform 8.0.0 (Xc) (Xcus) (Network) (Networks) (Manual) (Manager) (Powerpoint) (Cisco) (Permanent
XC-Cluster Release Notes Network Security Platform 8.0 Revision A Contents About this document New features Resolved issues Known issues Installation instructions Product documentation About this document
CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
Open Flow Controller and Switch Datasheet
Open Flow Controller and Switch Datasheet California State University Chico Alan Braithwaite Spring 2013 Block Diagram Figure 1. High Level Block Diagram The project will consist of a network development
Netsweeper Whitepaper
Netsweeper Inc. Corporate Headquarters 104 Dawson Road Suite 100 Guelph, ON, Canada N1H 1A7 CANADA T: +1 (519) 826 5222 F: +1 (519) 826 5228 Netsweeper Whitepaper Deploying Netsweeper Internet Content
Designing and Embodiment of Software that Creates Middle Ware for Resource Management in Embedded System
, pp.97-108 http://dx.doi.org/10.14257/ijseia.2014.8.6.08 Designing and Embodiment of Software that Creates Middle Ware for Resource Management in Embedded System Suk Hwan Moon and Cheol sick Lee Department
Network Security Platform 7.5
M series Release Notes Network Security Platform 7.5 Revision B Contents About this document New features Resolved issues Known issues Installation instructions Product documentation About this document
Firewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
How To Detect An Advanced Persistent Threat Through Big Data And Network Analysis
, pp.30-36 http://dx.doi.org/10.14257/astl.2013.29.06 Detection of Advanced Persistent Threat by Analyzing the Big Data Log Jisang Kim 1, Taejin Lee, Hyung-guen Kim, Haeryong Park KISA, Information Security
White Paper. Innovate Telecom Services with NFV and SDN
White Paper Innovate Telecom Services with NFV and SDN 2 NEXCOM White Paper As telecommunications companies seek to expand beyond telecommunications services to data services, they find their purposebuilt
PFP Technology White Paper
PFP Technology White Paper Summary PFP Cybersecurity solution is an intrusion detection solution based on observing tiny patterns on the processor power consumption. PFP is capable of detecting intrusions
Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE
Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to
WHITE PAPER. Extending Network Monitoring Tool Performance
WHITE PAPER Extending Network Monitoring Tool Performance www.ixiacom.com 915-6915-01 Rev. A, July 2014 2 Table of Contents Benefits... 4 Abstract... 4 Introduction... 4 Understanding Monitoring Tools...
Bricata Next Generation Intrusion Prevention System A New, Evolved Breed of Threat Mitigation
Bricata Next Generation Intrusion Prevention System A New, Evolved Breed of Threat Mitigation Iain Davison Chief Technology Officer Bricata, LLC WWW.BRICATA.COM The Need for Multi-Threaded, Multi-Core
Windows Server Performance Monitoring
Spot server problems before they are noticed The system s really slow today! How often have you heard that? Finding the solution isn t so easy. The obvious questions to ask are why is it running slowly
Firewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
Rapid System Prototyping with FPGAs
Rapid System Prototyping with FPGAs By R.C. Coferand Benjamin F. Harding AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Newnes is an imprint of
The Leading Email Security Suites
The Leading Email Security Suites What is SpamSniper? The Leading Email Security Suites for Your Secure Messaging SpamSniper is the leading email security solution which locates in front of mail server
Overview. Firewall Security. Perimeter Security Devices. Routers
Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security
High-Performance IP Service Node with Layer 4 to 7 Packet Processing Features
UDC 621.395.31:681.3 High-Performance IP Service Node with Layer 4 to 7 Packet Processing Features VTsuneo Katsuyama VAkira Hakata VMasafumi Katoh VAkira Takeyama (Manuscript received February 27, 2001)
Cisco Integrated Services Routers Performance Overview
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
Development of Integrated Management System based on Mobile and Cloud Service for Preventing Various Hazards
, pp. 143-150 http://dx.doi.org/10.14257/ijseia.2015.9.7.15 Development of Integrated Management System based on Mobile and Cloud Service for Preventing Various Hazards Ryu HyunKi 1, Yeo ChangSub 1, Jeonghyun
Customer Service Description Next Generation Network Firewall
Customer Service Description Next Generation Network Firewall Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: [email protected] Interoute Communications Limited
Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool
Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool Mukta Garg Assistant Professor, Advanced Educational Institutions, Palwal Abstract Today s society
Terminal Server Software and Hardware Requirements. Terminal Server. Software and Hardware Requirements. Datacolor Match Pigment Datacolor Tools
Terminal Server Software and Hardware Requirements Datacolor Match Pigment Datacolor Tools January 21, 2011 Page 1 of 8 Introduction This document will provide preliminary information about the both the
Solid State Storage in Massive Data Environments Erik Eyberg
Solid State Storage in Massive Data Environments Erik Eyberg Senior Analyst Texas Memory Systems, Inc. Agenda Taxonomy Performance Considerations Reliability Considerations Q&A Solid State Storage Taxonomy
Design of a High-speed and large-capacity NAND Flash storage system based on Fiber Acquisition
Design of a High-speed and large-capacity NAND Flash storage system based on Fiber Acquisition Qing Li, Shanqing Hu * School of Information and Electronic Beijing Institute of Technology Beijing, China
2 Enterprise. CounThru TM. Managed Print Solution. CounThru TM 2 Enterprise Managed Print Solution WHITE PAPER. Introduction. What is CounThru TM
2 Enterprise Managed Print Solution WHITE PAPER 2 Enterprise Managed Print Solution Introduction What is Printer Management? Printer management is the process of monitoring the status of a printer through
Management Solution for VTO(VoIP Traffic Optimizer) Service. Smart VTO Overview. AddPac Technology. 2014, Sales and Marketing. www.addpac.
VTO Manager Management Solution for VTO(VoIP Traffic Optimizer) Service Smart VTO Overview AddPac Technology 2014, Sales and Marketing www.addpac.com Contents (cont d) Smart VTO Overview Network Diagram
All Programmable Logic. Hans-Joachim Gelke Institute of Embedded Systems. Zürcher Fachhochschule
All Programmable Logic Hans-Joachim Gelke Institute of Embedded Systems Institute of Embedded Systems 31 Assistants 10 Professors 7 Technical Employees 2 Secretaries www.ines.zhaw.ch Research: Education:
2. TEACHING ENVIRONMENT AND MOTIVATION
A WEB-BASED ENVIRONMENT PROVIDING REMOTE ACCESS TO FPGA PLATFORMS FOR TEACHING DIGITAL HARDWARE DESIGN Angel Fernández Herrero Ignacio Elguezábal Marisa López Vallejo Departamento de Ingeniería Electrónica,
Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
Design of a High Speed Communications Link Using Field Programmable Gate Arrays
Customer-Authored Application Note AC103 Design of a High Speed Communications Link Using Field Programmable Gate Arrays Amy Lovelace, Technical Staff Engineer Alcatel Network Systems Introduction A communication
General Pipeline System Setup Information
Product Sheet General Pipeline Information Because of Pipeline s unique network attached architecture it is important to understand each component of a Pipeline system in order to create a system that
Linux NIC and iscsi Performance over 40GbE
Linux NIC and iscsi Performance over 4GbE Chelsio T8-CR vs. Intel Fortville XL71 Executive Summary This paper presents NIC and iscsi performance results comparing Chelsio s T8-CR and Intel s latest XL71
Internet Services. Amcom. Support & Troubleshooting Guide
Amcom Internet Services This Support and Troubleshooting Guide provides information about your internet service; including setting specifications, testing instructions and common service issues. For further
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
Benefits. Product Overview. There is nothing more important than our customers. DATASHEET
DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate
INTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
McAfee Enterprise Mobility Management 12.0. Performance and Scalability Guide
McAfee Enterprise Mobility Management 12.0 Performance and Scalability Guide Contents Purpose... 1 Executive Summary... 1 Testing Process... 1 Test Scenarios... 2 Scenario 1 Basic Provisioning and Email
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ
PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ
Digitale Signalverarbeitung mit FPGA (DSF) Soft Core Prozessor NIOS II Stand Mai 2007. Jens Onno Krah
(DSF) Soft Core Prozessor NIOS II Stand Mai 2007 Jens Onno Krah Cologne University of Applied Sciences www.fh-koeln.de [email protected] NIOS II 1 1 What is Nios II? Altera s Second Generation
A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
Virtual Appliance Setup Guide
Virtual Appliance Setup Guide 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective
Deploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
Why 25GE is the Best Choice for Data Centers
Why 25GE is the Best Choice for Data Centers Gilles Garcia Xilinx Director Wired Communication Business Santa Clara, CA USA April 2015 1 Outline - update Data center drivers Why 25GE The need for 25GE
Network Based Intrusion Detection Using Honey pot Deception
Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.
Managed Hosting. PlusServer AG Overview
PlusServer AG Overview Managed Hosting Germany, Version 4.0-EN, as of February 25, 2010 PlusServer AG Tel. +49 22 33 612 4300 Daimlerstrasse 9-11 Fax +49 22 33 612 5140 50354 Huerth, Germany www.plusserver.com
Architekturen und Einsatz von FPGAs mit integrierten Prozessor Kernen. Hans-Joachim Gelke Institute of Embedded Systems Professur für Mikroelektronik
Architekturen und Einsatz von FPGAs mit integrierten Prozessor Kernen Hans-Joachim Gelke Institute of Embedded Systems Professur für Mikroelektronik Contents Überblick: Aufbau moderner FPGA Einblick: Eigenschaften
Firewalls and IDS. Sumitha Bhandarkar James Esslinger
Firewalls and IDS Sumitha Bhandarkar James Esslinger Outline Background What are firewalls and IDS? How are they different from each other? Firewalls Problems associated with conventional Firewalls Distributed
Enabling Technologies for Distributed Computing
Enabling Technologies for Distributed Computing Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF Multi-core CPUs and Multithreading Technologies
Enabling Technologies for Distributed and Cloud Computing
Enabling Technologies for Distributed and Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Multi-core CPUs and Multithreading
msuite5 & mdesign Installation Prerequisites
CommonTime Limited msuite5 & mdesign Installation Prerequisites Administration considerations prior to installing msuite5 and mdesign. 7/7/2011 Version 2.4 Overview... 1 msuite version... 1 SQL credentials...
Chapter 5. Data Communication And Internet Technology
Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN
Development of Integrated Management System based on Mobile and Cloud service for preventing various dangerous situations
Development of Integrated Management System based on Mobile and Cloud service for preventing various dangerous situations Ryu HyunKi, Moon ChangSoo, Yeo ChangSub, and Lee HaengSuk Abstract In this paper,
A Phased Framework for Countering VoIP SPAM
International Journal of Advanced Science and Technology 21 A Phased Framework for Countering VoIP SPAM Jongil Jeong 1, Taijin Lee 1, Seokung Yoon 1, Hyuncheol Jeong 1, Yoojae Won 1, Myuhngjoo Kim 2 1
Security Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
Computer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion
Network Instruments white paper
Network Instruments white paper ANALYZING FULL-DUPLEX NETWORKS There are a number ways to access full-duplex traffic on a network for analysis: SPAN or mirror ports, aggregation TAPs (Test Access Ports),
10-/100-Mbps Ethernet Media Access Controller (MAC) Core
10-/100-Mbps Ethernet Media Access Controller (MAC) Core Preliminary Product Brief December 1998 Description The Ethernet Media Access Controller (MAC) core is a high-performance core with a low gate count,
Dual Mechanism to Detect DDOS Attack Priyanka Dembla, Chander Diwaker 2 1 Research Scholar, 2 Assistant Professor
International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) International Journal of Engineering, Business and Enterprise
Cisco Prime Home 5.0 Minimum System Requirements (Standalone and High Availability)
White Paper Cisco Prime Home 5.0 Minimum System Requirements (Standalone and High Availability) White Paper July, 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public
Introducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
HANIC 100G: Hardware accelerator for 100 Gbps network traffic monitoring
CESNET Technical Report 2/2014 HANIC 100G: Hardware accelerator for 100 Gbps network traffic monitoring VIKTOR PUš, LUKÁš KEKELY, MARTIN ŠPINLER, VÁCLAV HUMMEL, JAN PALIČKA Received 3. 10. 2014 Abstract
End-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
ThreatSpike Dome: A New Approach To Security Monitoring
ThreatSpike Dome: A New Approach To Security Monitoring 2015 ThreatSpike Labs Limited The problem with SIEM Hacking, insider and advanced persistent threats can be difficult to detect with existing product
Core Syllabus. Version 2.6 C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS. June 2006
Core Syllabus C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS Version 2.6 June 2006 EUCIP CORE Version 2.6 Syllabus. The following is the Syllabus for EUCIP CORE Version 2.6, which
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger [email protected] Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection
Chapter 15. Firewalls, IDS and IPS
Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet
FPGA-based MapReduce Framework for Machine Learning
FPGA-based MapReduce Framework for Machine Learning Bo WANG 1, Yi SHAN 1, Jing YAN 2, Yu WANG 1, Ningyi XU 2, Huangzhong YANG 1 1 Department of Electronic Engineering Tsinghua University, Beijing, China
Lecture 23: Firewalls
Lecture 23: Firewalls Introduce several types of firewalls Discuss their advantages and disadvantages Compare their performances Demonstrate their applications C. Ding -- COMP581 -- L23 What is a Digital
PCI Express Overview. And, by the way, they need to do it in less time.
PCI Express Overview Introduction This paper is intended to introduce design engineers, system architects and business managers to the PCI Express protocol and how this interconnect technology fits into
Firewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: [email protected] Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
mbits Network Operations Centrec
mbits Network Operations Centrec The mbits Network Operations Centre (NOC) is co-located and fully operationally integrated with the mbits Service Desk. The NOC is staffed by fulltime mbits employees,
Benefits. Product Overview. There is nothing more important than our customers. DATASHEET
DATASHEET Security Information & Event Manager (SIEM) Compliance through Security Information and Event Management, Log Management, and Network Behavioral Analysis Product Overview Delivers fast, accurate
How To Protect A Dns Authority Server From A Flood Attack
the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point
Common Core Network Readiness Guidelines Is your network ready? Detailed questions, processes, and actions to consider.
Common Core Network Readiness Guidelines Is your network ready? Detailed questions, processes, and actions to consider. Is Your School Network Ready? Network readiness is an important factor in any new
HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)
HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical
