Floodgate Packet Filter – Embedded Firewall
Floodgate Packet Filter is an embedded firewall that allows networked devices to control the packets they process. Floodgate protects against potentially malicious attacks by filtering packets before they are processed by an embedded device.
Floodgate uses a two stage filtering engine that provides both threshold and rules-based filtering. Threshold-based filtering protects against denial of service (DoS) attacks, broadcast storms, and other conditions that result in a flood of unwanted packets. Rules-based filtering allows packets to be blocked based on static criteria such as port number, protocol, or source IP address.
Library for Embedded Devices
Floodgate is a source code library that provides packet filtering capabilities for embedded devices. Floodgate uses callback routines that are inserted into the device’s packet processing code. Layer-based callbacks allow filtering to be easily inserted at any layer in the network stack for maximum flexibility.
Internet Threats for Embedded Devices
In enterprise environments, firewalls, intrusion prevention systems and other security devices protect against Internet threats. In the embedded environment, including military and aerospace, devices are built using smaller processors and without the defenses found in more sophisticated environments. As a result, embedded devices are vulnerable to DoS attacks, packet floods and other Internet attacks.
Features & Benefits
- Allows OEMs to easily add firewall security to existing products or new designs.
- Portable source code for use with any embedded OS.
- Fully configurable rules engine allows full control over filtering behavior.
- Small footprint and optimized design for embedded systems.
- Unique two-step filtering engine first blocks packets using filtering rules and stateful packet inspection and then using thresholds to protect from Internet threats, network traffic floods and DoS attacks.
- Static filtering blocks packets based on configurable filtering rules. Supports filtering by source IP address, MAC address/type, port, protocol or user defined criteria.
- Built in Stateful Packet Inspection (SPI) filtering for TCP/UDP and ICMP packets.
- Threshold-based filtering blocks packets in real time based on threshold crossings.
- Supports both white list and black list filtering.
- Layer-based callbacks allow filtering to be inserted at any layer in the network stack for maximum flexibility.
Medical Devices for home & hospital use, Server and Storage Networking, Telecom/Networking, Military/Aerospace, Industrial Controls, Consumer Devices, Mobile/Handheld