Towards HardLANs: Building intrusion detection to 1 Gbps and beyond.

Posted in Conferences, Companies, Networking, Science on March 02, 2007

Towards HardLANs: Building intrusion detection to 1 Gbps and beyond.
Google Tech Talks
February 21,2007


With the advent of worms, passive malcode, and sophisticated attackers, the "Big Firewall" model of security has failed. To build robust commercial networks in the future, security will need to move into the LAN infrastructure.

The LAN vantage point requires a nearly two-order-of-magnitude cost/performance improvement over conventional network intrusion detection and response. In this talk, I introduce the rational for LAN-centric defences and the difficulties in implementing for these targets. I will then discuss our work on Shunting, a technique which enables the Bro intrusion detection to operate at Gigabit line rate with the addition of a small piece of hardware support. The small hardware enables Bro to decide, on a connection by connection basis, whether a connection requires further analysis. Additionally, VLAN-rewriting can allow a shunt, when coupled with a commodity managed Ethernet switch, to control all network traffic which passes through the switch.

This session will be taped by the Eng EDU Tech Talks Team.

Watch Video

Tags: Techtalks, Google, Networking, TCP/IP, Conferences, Science, Lectures, Broadcasting, Companies