Chip firm Nvidia will this week announce a motherboard chipset with dedicated hardware to support a client-side firewall. The nForce4 chipset offloads from the processor the task of inspecting data traffic, so it can secure a PC without slowing performance.

The Nvidia nForce4 chipset is shipping now to motherboard makers and system builders, and is expected to appear in PCs before the end of the year. However, the system only supports 64bit AMD chips, while most companies still only buy desktops running Intel processors.

Unsecured networks are a major threat to business, according to Nvidia. "Newly deployed Windows PCs can get infected in seconds, just by being connected to the network," said Drew Henry, general manager of Nvidia's platform business. But he added that software-based firewalls cause the lion's share of processor time to be devoted to filtering IP traffic, especially when using high-speed network technologies such as Gigabit Ethernet.

The Secure Networking Engine (SNE) inside nForce4 serves as dedicated hardware for the Nvidia Firewall app that ships with it. The SNE performs stateful inspection on all data coming in from nForce4's integrated Gigabit Ethernet adapter and blocks any bad packets. "And the advantage is, we can do this at full Gigabit Ethernet speed without slowing down the CPU," Henry said.

Nvidia said that the SNE also monitors outbound traffic, and can alert the user if an unknown program tries to open an internet connection. This capability is already supported by firewalls such as ZoneAlarm from Zone Labs, but not by the Windows Firewall that ships as part of Microsoft's SP2 update for Windows XP.

The Nvidia Firewall ships with predefined security profiles to make it easier to use, but administrators can create customised profiles for their firms' security policies and deploy them using standard management tools, according to Henry.

Nvidia said its system is compliant with Microsoft's TCP Chimney Architecture, a forthcoming Windows API that will support the offloading of portions of the TCP protocol stack to hardware, typically a LAN adapter.

The nForce4 is the first chipset for AMD's Athlon 64 and Opteron chips to support the new PCI Express I/O standard, according to Nvidia. As well as integrated Gigabit Ethernet, it supports a faster 3Gbit/s interface for Serial ATA (Sata) hard disks, and the 1GB/s version of AMD's HyperTransport technology that links the chipset to the processor.

Three versions of the nForce4 chipset are shipping. The baseline nForce4 lacks SNE, while the nForce4 SLI supports multiple Nvidia graphics cards. Business desktops will likely use the mid-range nForce4 Ultra. An nForce4 Pro chipset to support dual processors on workstations is planned.