The rise of application-layer DoS attacks, the popularity
of Network Address Translation (NAT), and the need for
advanced network security capabilities have driven
the development of application-aware firewalls. Unlike
their TCP-filtering ancestors, these devices include
features such as URL and content blocking, control of
file and printer sharing and of VoIP call setup, spam and virus
filtering, intrusion prevention and protocol anomaly
detection.
Unfortunately, it is difficult to compare application-aware
firewalls. Vendors usually publish only raw, best-case
TCP performance figures, ignoring the fact that
application-layer filtering can consume most of the
available CPU capacity and cut throughput by more than
half. Application attack mitigation is desirable, but how
are network designers selecting their firewalls and
dimensioning their networks? Are they allowing for the
50-99% drop in overall performance that DoS attacks can
cause once application-layer inspection is enabled?
This paper is written for Service Providers, Manufacturers
of Network Security Devices, Network Operators, Data
Center Operators and System Integrators who need to
understand and characterize the performance of application-aware
firewalls.