There has been quite a bit of discussion lately on the subject of ATM
security and also what vendors are doing, product-wise. I am a product
manager at NSC who is working on our ATM security developments and I would
like to give a bit of info on what we are developing (flames expected).

What we are doing is implementing ATM security policies via access control
and content checking (with integrated encryption to follow). This approach
allows you to filter based on IP (in its cellified form) and ATM, while
maintaining line rates (OC3). Filtering can be based on source and
destination address (exact addresses or ranges) as well as logical ports.
The unit itself is transparent to the network.

Filtering and content checking are done on cellified traffic, which allows us
to maintain the high speeds; however, we have a logging tool that allows you
to see the specific TCP/IP information about the rejected
connection/transaction. This tool shows you what types of transactions are
being denied and gives the feedback to ensure your policy is correctly

Our overall goal is to provide the firewall capabilities currently found in
firewall products on the market today -- for ATM. Another goal is to
provide a level of granularity that allows you to have a security policy for
each VC -- this also enables selective encryption on a per VC basis as well.
For example -- one could write their security policy to say... email from
me to you is allowed and encrypted, and ftp is allowed from me to you, but
not from you to me, we both can Telnet either way.

If anyone has questions -- feel free to contact me directly at
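
The per-VC policy in the example above (email, ftp, Telnet) can be sketched as follows. This is an added illustration, not part of the original post and not NSC's implementation. It assumes RFC 1483 LLC/SNAP encapsulation and no IP options, so that the first 48-byte cell of an AAL5 PDU holds the 8-byte LLC/SNAP header plus the 20-byte IP and 20-byte TCP headers; the addresses, the VC number and the action names are constructed.

```python
import ipaddress, struct

LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")  # RFC 1483 LLC/SNAP header, routed IPv4
ME = ipaddress.ip_network("192.0.2.10/32")         # constructed addresses (could be ranges)
YOU = ipaddress.ip_network("198.51.100.20/32")

# Per-VC rules keyed by (VPI, VCI): (source, destination, TCP port, action).
POLICY = {(0, 100): [
    (ME, YOU, 25, "encrypt"),   # email me -> you: allowed and encrypted
    (ME, YOU, 21, "allow"),     # ftp me -> you only
    (ME, YOU, 23, "allow"),     # telnet either way
    (YOU, ME, 23, "allow"),
]}

def parse_first_cell(payload):
    """Return (src, dst, dport, tcp_flags) from the first 48-byte cell payload, or None."""
    if len(payload) != 48 or payload[:8] != LLC_SNAP_IPV4:
        return None
    ip = payload[8:]
    if ip[0] != 0x45 or ip[9] != 6:       # IPv4 without options, TCP only
        return None
    src = ipaddress.ip_address(ip[12:16])
    dst = ipaddress.ip_address(ip[16:20])
    dport = struct.unpack("!H", ip[22:24])[0]
    return src, dst, dport, ip[33]        # ip[33] is the TCP flags byte

def decide(vc, payload):
    """Action for a connection-opening SYN seen on virtual circuit vc; default deny."""
    hdr = parse_first_cell(payload)
    if hdr is None:
        return "deny"                     # fail closed on anything unparsable
    src, dst, dport, flags = hdr
    if (flags & 0x12) != 0x02:            # not a bare SYN: flow tracking is out of scope here
        return None
    for rsrc, rdst, rport, action in POLICY.get(vc, []):
        if src in rsrc and dst in rdst and dport == rport:
            return action
    return "deny"

def make_syn_cell(src, dst, dport, flags=0x02):
    """Build a constructed first-cell payload: LLC/SNAP + IPv4 header + TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 0x50, flags, 8192, 0, 0)
    return LLC_SNAP_IPV4 + ip + tcp
```

Direction is decided on the connection-opening SYN, which is what lets ftp be allowed one way and denied the other on the same VC.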