摘要 |
Disclosed herein is a method of improving a security performance in a stateful inspection of TCP connections. In the security performance improvement method, a stateful inspection computer, placed between first and second hosts in which TCP connections are set up, creates a single session entry corresponding to a new SYN packet whenever the new SYN packet is generated between the first and second hosts. A state of connection progress is updated whenever a packet for a flow between the first and second hosts arrives at the stateful inspection computer. It is determined whether a time required for the updated connection progress has exceeded a predetermined timeout. Further, a session entry in an embryonic connection stage exceeding the timeout is purged. Accordingly, the present invention is advantageous in that it efficiently uses the memory of a stateful inspection computer, maintains lookup performance, and continues stateful inspection even in the face of network attacks, thus improving security performance of the stateful inspection computer.
|