DocumentCode :
1342232
Title :
Building an integrated security gateway: Mechanisms, performance evaluations, implementations, and research issues
Author :
Lin, Ying-Dar ; Huan-Yun Wei ; Yu, Shao-tang
Author_Institution :
Nat. Chiao Tung Univ., Hsinchu, Taiwan
Volume :
4
Issue :
1
fYear :
2002
Firstpage :
2
Lastpage :
15
Abstract :
Network security has become a critical issue for enterprises. This article first gives a tutorial of each basic component of a security gateway, including the firewall, content filtering, network address translation (NAT), the virtual private network (VPN), and the intrusion detection system (IDS). The building of an integrated security gateway, using various open-source packages, is then described. Conflicts among the packages are resolved to ensure interoperability. Next, we internally/externally evaluate the performance of each component against six commercial implementations to identify the problems for future research directions. Readers can understand how these components deliver secure operations, how a packet can properly traverse such a gateway, and how many resources are consumed in each software component. Selected packages include the Linux kernel, ipchains (packet filter), Squid (URL filter), FWTK (content filter), FreeS/WAN (VPN), and Snort (IDS). ipchains and FreeS/WAN are found viable, but FWTK and Snort suffer performance problems. Further examining their source code and data structures reveals the improper implementation in FWTK and the less scalable linear matching algorithms in ipchains and Snort. Finally, several approaches to scale up these software components are suggested to improve the performance. Note that installing such a security gateway does not by itself make a network secure. This study focuses on building a product-like security gateway and on evaluating its performance. The integrated system with a self-developed Web management console is publicly available for downloading.
Keywords :
Internet; computer network performance evaluation; security of data; FWTK; FreeS/WAN; Linux kernel; Snort; Squid; content filtering; data structures; firewall; integrated security gateway; interoperability; intrusion detection system; ipchains; linear matching algorithms; network address translation; network security; open-source packages; performance evaluations; self-developed Web management console; software component; source code; virtual private network; Filtering; Filters; Intrusion detection; Linux; Network address translation; Open source software; Packaging; Security; Virtual private networks; Wide area networks;
fLanguage :
English
Journal_Title :
Communications Surveys & Tutorials, IEEE
Publisher :
ieee
ISSN :
1553-877X
Type :
jour
DOI :
10.1109/COMST.2002.5341332
Filename :
5341332