Force10 Networks Chief Security Scientist Explores Security Requirements

Securing the 10 Gigabit Ethernet network edge requires a high performance firewall that emphasizes flexibility and speed over feature density to effectively protect against evolving threats, Force10 Networks Chief Security Scientist Livio Ricciulli said at the Supercomputing 06 conference in Tampa, Fla. “The growing adoption of 10 Gigabit Ethernet networks coupled with the continuing rise in security threats has prompted the need for a flexible firewall that can provide visibility into traffic as well as filter it at 10 Gigabit speeds,” said Ricciulli. “To effectively protect the network edge, it is critical to move away from the rigid ordering logic of existing firewalls to a flexible scheme that lets network operators choose between policy control, ordered rules or summed outcomes.” To reduce networking costs while adding high capacity links to their network, many research and education networks are turning to the 10 Gigabit Ethernet wide area network physical interface (WAN PHY) as a cost-effective alternative to traditional SONET/SDH connections. For considerably less than an OC-192 connection, the 10 Gigabit Ethernet WAN PHY delivers the same capacity, enabling these organizations to connect with other networks or facilities worldwide. The increase in network speeds and the movement to Ethernet in the WAN change security requirements, making flexibility critical to securing 10 Gigabit Ethernet networks. The need for flexibility is particularly important in the rules processing function, where rigid ordering logic cannot efficiently scale to 10 Gigabits per second (Gbps). “The nature of the firewall, as the first line of defense, demands transparency in the network and packet inspection through Layer 7 to eliminate unwanted traffic prior to its entry into the network,” Ricciulli continued. “On 10 Gigabit Ethernet networks, security is not just about speed but also reliability, and the combination of flexibility, transparency and deep packet inspection ensure maximum network security without compromising the performance of the network.” The Force10 P-Series is the industry’s only family of security appliance that can scale to protect 10 Gigabit Ethernet networks. Leveraging the patented Dynamic Parallel Inspection technology, the P-Series inspects, monitors and protects the network at line-rate 10 Gbps and provides network operators with the rule processing flexibility they need.