WASHINGTON - A unique appliance that can stop denial-of-service attacks in enterprises or Internet points of presence took its first bow at the recent ComNet show.
VHB Technologies, an angel-funded startup in Richardson, Texas, had been searching since its launch last fall for a security-oriented network processor that could perform the deep packet classification needed to prevent denial-of-service attacks, but ended up designing its own: the Vipre parallel-processing ASIC.
VHB president Garry Hemphill and senior vice president of product development Ben Bittle came from the former Optical Data Systems Inc., a company with a decade of experience in secure networks. Bittle had conceived of a single system, operating on either side of a router, that could handle searches as deep as 512 bytes at wire speeds up to 2.5 Gbits/second.
Eventually, Bittle said, the family of products VHB envisioned required a processor that could handle 10-Gbit/s speeds in parallel implementations.
VHB has applied for a patent for its pre-processing "cell sorter," which embeds network data in a protocol data unit, strips packet headers and sends the results to the Vipre engine. The Vipre, subject of another patent application, performs such functions as packet permissions and denials, SNMP trap sends, packet duplication and redirection, and statistics counting.
The Vipre and sorter are embedded in a small rack-mountable system, the VHB-2000, that can perform searches at all seven layers of the Open System Interconnect protocol stack.
Users can set up searches and filters on the fly, without bringing down the system or network. A variety of Layer 1 and 2 interfaces are provided as both inputs and outputs to the system, including asynchronous transfer mode and Sonet operating at OC-12 and OC-48c rates; Gigabit Ethernet (or 10/100 Ethernet on the premises side); and Packet Over Sonet operating at OC-12 and OC-48c. Depending on its interfaces and daughter-card adjuncts, the system will list in a price range of $19,000 to $44,000.
In addition to filtering packets to watch for hacker attacks, the VHB-2000 can process in parallel up to 380,000 access-control-list lines, making it an all-purpose router-table accelerator.