Looking at your project, are you going to put more emphasis on perofrmance than on Security. Because ALG firewalls will chew up lot more system resources just to provide more application level awareness and checks, eventually consuming lot of bandwidth too.
Regards
Syed
>From: Usman Aleem <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: need advise
>Date: Tue, 27 Nov 2001 22:10:28 +0500
>
>Hi,
>
>I am undergrad student researching on my senior project idea.
>Basically I
>have a different idea implementing firewall (have not seen anyone
>done this
>yet).
>
>Essentially, I want to develop a software based bandwidth allocator,
>something similar to multiple queues in FRED gateways. There will be
>queues
>for each subnet in an organization. This way I can separate the type
>of
>traffic I have in my network. The servers can be put on a separate
>queue
>and (say) internet users can be put on another (the number of queues
>will
>be proportional to the number of subnets or security categories).
>With this
>I can provide different subnets with different bandwidths.
>
>Once I have achieved this I want to provide each queue different
>security
>levels depending on their traffic. I am thinking of editing the
>relevant
>parts of Squid proxy for this, this will help me in providing all
>the
>caching capabilities to internet users and the servers' traffic will
>just
>be allowed to go through.
>
>As the idea is still developing I just wanted someone to critique it
>and
>pose the problems or improvements. The bandwidth allocation part is
>fairly
>trivial but I really want to know is that if it would be a good idea
>to
>apply security in this fashion.
>
>I am also attaching a diagram which gives a very basic idea of my
>design.
>
>Regards,
>usman.
><< basicIDA-ver1.gif >>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
