Information Trust Institute (ITI) Calendar

Back to Listing

TSS Seminar: Nicholas Weaver: "Towards HardLANs: Scaling IDS to 1 Gbps and Beyond"

Event Type
Information Trust Institute
3405 Siebel Center
Oct 11, 2006   4:00 pm  
Nicholas Weaver of the International Computer Science Institute, Berkeley
Originating Calendar
Information Trust Institute (ITI) archival calendar


With the advent of worms, passive malcode, and sophisticated attackers, the "Big Firewall" model of security has failed. To build robust commercial networks in the future, security will need to move into the LAN infrastructure.

The LAN vantage point requires a nearly two-order-of-magnitude cost/performance improvement over conventional network intrusion detection and response. In this talk, I introduce the rational for LAN-centric defences and the difficulties in implementing for these targets. I will then discuss our work on Shunting, a technique which enables the Bro intrusion detection to operate at Gigabit line rate with the addition of a small piece of hardware support. The small hardware enables Bro to decide, on a connection by connection basis, whether a connection requires further analysis. Additionally, VLAN-rewriting can allow a shunt, when coupled with a commodity managed Ethernet switch, to control all network traffic which passes through the switch.


Nicholas Weaver received his Ph.D in 2003 from the University of California at Berkeley. His research areas include computer security, intrusion detection, and FPGA architectures.

link for robots only