Communications and exchanging data among locations on the Internet continue to grow at a rapid pace. As one consequence, providing security for a computer network to prevent disruption of network operations is an increasing concern for network administrators. A security measure that has become standard practice is to install a “firewall” on the network. A “firewall” is defined herein as any chokepoint on a network that utilizes a set of rules to determine if access to or from the network should be allowed or denied. An attempt to access an Internet location, or website, is formatted within a protocol known as an Internet Protocol (IP). The location of a website is identified by an IP address.
The firewall screens data using a set of rules, typically input at the time of install by a network administrator. Screening may include content filtering. Alternatively or additionally, the rules base to allow or deny access may be based on three data sets: (1) a source IP address, (2) a destination IP address, and (3) the port being utilized for the communication. The Internet Protocol clearly defines the dynamics of this criteria. Also known are the techniques required to create firewalls based on this criteria.
A network user at a computer or other Internet-enabled device may initiate contact with a website by sending a request using the IP address of that website. However, the IP address is a long and awkward numerical address that is difficult to remember. Moreover, the IP address of a website may be dynamic. A domain name may be used instead. The domain name (for example, www.mywebsite.com) is a name that can be translated by the Domain Name Service (DNS) to an IP address. A Universal Resource Locator (URL) is typically based on a domain name with the protocol specified (http://www.mywebsite.com, for example). The URL is translated into the appropriate IP address by the DNS. Hence, a user request for access to a website will normally make two requests over the Internet. The first request is the DNS request to perform the translation of the domain name portion of the URL to an IP address. The second request is to that actual IP address of the requested URL.
The DNS is a system of servers distributed throughout the Internet. The DNS servers map the easy-to-remember domain names to their IP addresses. The Internet is large and widely distributed, and so are the DNS servers. For performance reasons, the DNS system may return multiple IP addresses in response. Also, to optimize routing, different IP addresses may be returned for identical DNS requests originating from different parts of the world. In addition, the IP addresses returned in response to identical DNS requests may change over various periods of time. Since a DNS request may result in a number of IP addresses being returned and those IP addresses changing over time, firewall screening based on IP addresses can be problematic.