Design Alternatives for a High-Performance Self-Securing Ethernet Network Interface

This paper presents and evaluates a strategy for integrating the Snort network intrusion detection system into a high-performance programmable Ethernet Network Interface Card (NIC), considering the impact of several possible hardware and software design choices. While currently proposed ASIC, FPGA, and TCAM systems can match incoming string content in real-time, the system proposed also supports the stream reassembly and HTTP content transformation capabilities of Snort. This system, called LineSnort, parallelizes Snort using concurrency across TCP sessions and executes those parallel tasks on multiple low-frequency pipelined RISC processors embedded in the NIC. LineSnort additionally exploits opportunities for intra-session concurrency. The system also includes dedicated hardware for high-bandwidth data transfers and for high-performance string matching.
Read Original Post Here

Written by on July 8th, 2008 with no comments.
Read more articles on Technology.

• [+] Digg: Feature this article
• [+] Del.icio.us: Bookmark this article
• [+] Furl: Bookmark this article

Related articles

• Live Webcast: Save Time, Money and Manpower While Eliminating Redundancies from Your Data Backups (August 20th, 2008)
• Pleasant ‘Dream’ for HTC, Google: FCC approves (August 20th, 2008)
• How do I… Back up my computer with Mozy for free? (August 19th, 2008)
• DEFCON 16: List of tools and stuff released (August 19th, 2008)
• Live Webcast: Unleashing the Value of VoIP (August 18th, 2008)