Security continues to be the biggest concern for IT managers and, in turn, design engineers developing firewall systems. With more viruses popping up and hackers attacking more often, corporations are looking for any approach possible to plug holes in their firewall architectures.

Traditionally, designers have turned to packet classification, also called stateless classification, as a means of providing higher levels of performance in a firewall architecture. While it does a nice job of analyzing an individual packet, the packet classification approach falls short. Specifically, by not relating individual packet information to an overall flow, these classification engines can leave big holes in the firewall architecture, requiring application-level proxying, which adds cost and degrades firewall performance.

What's needed is a more stateful approach to classification. Rather than simply looking at a packet, designers need to implement stateful classification techniques that allow them to classify the properties of a packet as well as understand how that packet fits into an overall communication flow.
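
The difference between the two approaches, as an added example that is not code from the original article: a stateless rule and a flow-tracking classifier are run over the same constructed TCP trace. The rule "allow inbound only if ACK is set", the addresses, and all names are assumptions chosen for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: S, SA, A, PA, R
INSIDE_PREFIX = "10.0.0."  # constructed internal network (assumption)

def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)

def stateless_allow(pkt):
    """Per-packet rule: allow outbound; allow inbound only if ACK is set."""
    return is_inside(pkt.src) or "A" in pkt.flags

class StatefulClassifier:
    """Relates each packet to a flow opened from the inside."""
    def __init__(self):
        self.flows = {}  # (in_ip, in_port, out_ip, out_port) -> state

    def allow(self, pkt):
        if is_inside(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":               # new outbound flow
                self.flows[key] = "SYN_SENT"
                return True
            if key not in self.flows:          # mid-stream packet, no flow
                return False
            if self.flows[key] == "SYNACK_SEEN" and "A" in pkt.flags:
                self.flows[key] = "ESTABLISHED"
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reverse direction
        state = self.flows.get(key)
        if state == "SYN_SENT" and pkt.flags == "SA":
            self.flows[key] = "SYNACK_SEEN"
            return True
        if state == "ESTABLISHED" and "S" not in pkt.flags:
            if "R" in pkt.flags:               # reset ends the flow
                del self.flows[key]
            return True
        return False                           # no matching flow: drop

# Constructed trace: a normal handshake plus data, then an inbound ACK
# that belongs to no flow the inside host ever opened.
TRACE = [
    Packet("10.0.0.5", 40000, "203.0.113.9", 443, "S"),
    Packet("203.0.113.9", 443, "10.0.0.5", 40000, "SA"),
    Packet("10.0.0.5", 40000, "203.0.113.9", 443, "A"),
    Packet("203.0.113.9", 443, "10.0.0.5", 40000, "PA"),
    Packet("198.51.100.7", 443, "10.0.0.5", 22, "A"),
]

def classify_trace(trace):
    stateful = StatefulClassifier()
    return [stateless_allow(p) for p in trace], [stateful.allow(p) for p in trace]
```

Both classifiers pass the four packets of the legitimate connection; only the stateful one drops the last packet, because no flow table entry exists for it.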

The link for this article located at CommsDesign is no longer available.