New firewall will be embedded in NIC

New firewall will be embedded in NIC

By William Jackson

GCN Staff

APRIL 9—A new firewall developed with help from the Defense Advanced Research Projects Agency will be available late this summer as a firmware download for 3CR990 10/100-Mbps network interface cards from 3Com Corp. of Santa Clara, Calif.

3Com and Secure Computing Corp. of San Jose, Calif., announced the embedded firewall today at the RSA Data Security Conference in San Francisco. The concept would add a security layer inside the firewall perimeter by filtering packets at the NIC. It potentially could guard against insider damage.

'The big push for the Defense Department is to add layers of security,' said Christopher Filo, vice president and general manager of Secure Computing's advanced technology division.

Embedding the firewall in the NIC makes it independent of the operating system and offloads activity from the CPU, improving performance, he said. It filters packets at source and destination IP addresses, port ranges and subnet masks. The firewall can detect whether a packet initiates a TCP connection. It also can prohibit sniffing and spoofing and block fragmented IP packets.

The client version can support up to 64 policy rules, and the server version up to128 rules. A firewall policy server centrally manages the rules over an encrypted channel.

The firewall is one of several DARPA-funded initiatives at Secure Computing, Filo said. 'The closer you can put the security to the data you are trying to protect, the better off you are,' he said. The 3CR990 became the vehicle because of its 133-MHz RISC processor, used for IP Security encryption and TCP/IP networking tasks.

'You can do wire-speed encryption with the card,' said John H. Harris V, 3Com product line manager for security solutions.

Although the NIC firewall adds no network overhead, there is a noticeable effect on performance when the maximum number of rules is being enforced, Filo said.

The 3CR990 works with Microsoft Windows 2000, Windows NT 4.0 and Windows 9x. The firewall policy server runs under Win 2000 and NT 4.0. A PC version costs $119, and a server version $129. The embedded firewall will add about $50 per desktop seat and $200 per server seat to PC operation costs, the company estimates. A policy server for up to 3,000 NICs will cost around $1,000.

Contact 3Com at 877-949-3266.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group