Firewall to Protect Computer Systems from Cyber Threats

05.07.2024

Project Implemented by Ural Interregional Research and Educational Center

The firewall offers an effective hardware solution for traffic management. Photo: Rodion Narudinov

Scientists at Ural Federal University are developing a firewall designed to protect computers from various cyber threats, including phishing, backdoor access, DDoS attacks, and more. This project is part of the portfolio of the Ural Interregional Research and Educational Center.

“The firewall is intended for filtering traffic entering complex computer systems used in industries such as oil and gas extraction, as well as cellular and internet communication equipment,” says Andrei Gusev, a senior lecturer at the Department of Radio Electronics and Communication at IRIT-RTF UrFU. “This firewall acts as a virtual processor with a known instruction set, allowing for the implementation of this technology as a hardware accelerator under the control of a management device. This is a hardware solution, not a software one. With proper development and configuration, such a device can protect systems from a wide range of attacks.”

What sets this firewall apart is that it is built on specialized programmable logic chips, which makes it possible to implement in hardware the filters for data packets coming from the internet.

“In other words, this device allows for real-time filtering and rejection of data before it even enters the computer system,” notes Gusev. “We are talking about high-speed gigabit communication channels here. Besides industrial automation, there is significant potential for use in the Internet of Things. Implementing such filters on every IoT device can be costly. An alternative is to create relatively inexpensive hardware devices that are easier to configure and use.”

According to Gusev, the evolution of Unix systems has shown that the abstraction of a simple, fast, and safe virtual processor is in high demand today. This reliability is crucial for large enterprises using automated control over various production processes, as even the slightest external intrusion can negatively impact operations.

The traffic filtering module is being developed by the Engineering School of Information Technologies, Telecommunications and Control Systems (IRIT-RTF) UrFU in collaboration with KIT, part of the UDV Group. The project is supported by the USSC company.

As noted by Pavel Bogdanov, head of the software-hardware complex development department at UDV Group, the standard firewall procedure effectively blocks illegitimate traffic.

“Thanks to a separate hardware module, we can achieve the required traffic speeds for business while filtering,” says Bogdanov. “Currently, there is a trend towards decreasing performance growth rates for new generations of processor systems, while demands for traffic processing speed are only increasing. Therefore, we see potential in creating dedicated specialized hardware devices that can offload decision-making from the main processor module. Our clients primarily include companies involved in industrial automation that use firewalls not only for perimeter control but also as segmentation devices to manage internal data flows, which can significantly exceed cross-border connections. The firewall is currently in the prototyping stage, with active development and testing procedures underway. We are currently testing prototypes developed in collaboration with UrFU on our internal testbeds.”