Firewalls filter information as it flows through a network. This filter can be implemented in hardware or software and can be used to protect computers from unwanted access. While software firewalls are considered easier to set up and use, hardware firewalls are often considered faster and more secure. Absent from the marketplace is an embedded hardware solution applicable to desktop systems. Traditional software firewalls use the CPU of the computer to filter packets; this is disadvantageous because the computer can become unusable during a network attack when the CPU is swamped by the firewall process. Traditional hardware firewalls are usually implemented in a single location, between a private network and the Internet. Depending on the size of the private network, a hardware firewall may be responsible for filtering the network traffic of hundreds of clients. This not only makes the required hardware firewall quite expensive, but also dedicates those financial resources to a single point that may fail. The dynamic silicon firewall project implements a hardware firewall using a soft-core processor with a custom peripheral designed using a hardware description language. Embedding this hardware firewall on each network interface card in a network would offer many benefits. Because the custom peripheral handles the filtering of packets, it would avoid the aforementioned denial-of-service problem that software firewalls are susceptible to. It could also reduce the complexity required to secure a large private network and eliminate the problem of a single point of failure. In addition, the dynamic silicon firewall requires little to no administration, since the filtering rules change with the user's network activity. The design of the dynamic silicon firewall incorporates the best features of traditional hardware and software firewalls while minimizing or avoiding the negative aspects of both.