It is commonly known that an enormous quantity of information is held in the memory of modern computers; damage, loss or disclosure of such information may lead to serious material and/or political losses. Therefore, damage to SW and especially to DB or KB by computer viruses, as well as theft or alteration of data, have long been a serious threat even to home PC owners, to say nothing of corporations, individual state organizations and states as a whole.
Indeed, computer owners often suffer from viruses received accidentally from the Internet, with e-mail messages, or during data exchange with other users by means of floppy disks or other removable media for data storage and transfer. And although the development and distribution of new viruses is usually mere hooliganism with no particular target, it is the more dangerous the less prepared particular users are for virus attacks.
Still more dangerous is the deliberate, targeted cracking of the databases of corporations, banks and public institutions by crackers. Not infrequently they act on orders from competitors or terrorists, using ever more sophisticated cracking software of the ‘worm’ and/or ‘Trojan horse’ types. Especially dangerous in the modern world is the cracking of military data-processing systems and troop control systems, which can open up unexpected possibilities for committing acts of terrorism.
It is clear from the above that the means for precluding said threat must be as effective as possible regardless of the source and nature of the threat, and at the same time reliable, simple, user friendly and available at a reasonable price.
Unfortunately, only some of those requirements can be fulfilled successfully at present.
Well known, e.g., are means for reducing the probability of unauthorized access to computer memory such as alphabetic, numeric and alphanumeric passwords. They are cheap, simple and easy to use.
However, as the art of hacking has developed, it has turned out that such ‘verbal’ passwords are noticeable obstacles only for novice users. Indeed, nowadays even image-based (‘iconic’) passwords such as the fingerprint or iris of the legitimate PC user, which are substantially more expensive to use, do not protect the computer against cracking. Moreover, no password can protect SW, DB and KB against infection with viruses or against damage.
It is clear that the creation and distribution of antivirus programs and, lately, of antiviral software packages with heuristic components reduce the losses from damage to SW, DB and KB. However, this approach is effective only when the attack is carried out by already identified viruses against which antivirus programs have been created.
Another commonly known method of reducing the probability of unauthorized access to computer memory is based on the use of cryptography (see the chapter “Conspiracy—Fiction and Reality” in the book “Internet Security Secrets” by John R. Vacca, IDG Books Worldwide, Inc., 1997).
Unfortunately, this method is useful only for secure data exchange between users well acquainted with one another, whose circle is very narrow, and it involves codes (keys) of more than 128 bits. This makes computer protection extremely expensive and restricts the possibilities of information interchange via arbitrary communication links.
Therefore, those skilled in the art tend more and more often to erect obstacles between individual computers and communication links open to general use, such obstacles being called ‘firewalls’.
Any modern firewall comprises a hardware/software complex that filters incoming entries (e.g. network traffic), extracts suspicious entries in accordance with pre-selected criteria, and either prevents their access to the protected zone or temporarily isolates them, e.g. in a ‘sandbox’, for follow-up inspection out of contact with the native DB or KB.
Thus, U.S. Pat. No. 6,275,938 discloses a method for verifying suspicious programs intended for running directly on a computer platform having memory modules and an interface. The method comprises:
allocating a predetermined limited storage area (‘sandbox’) in the computer LTS for logging and storing suspicious programs,
loading such programs into said sandbox,
inserting a check code into each suspicious program to block the external links of said sandbox,
replacing links in the code to the interface module with links to a conversion module that suppresses and blocks the operation of certain parts of the interface module, and
test-running the suspicious program.
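The filter / extract / isolate behaviour ascribed above to any modern firewall, and the idea of holding suspicious programs in a sandbox before any test run, can be modelled in a few lines. The following is an added example written for this page; it is not code from the patents cited and does not reproduce the check-code or link-replacement mechanism of U.S. Pat. No. 6,275,938. The rules, the sample entries and the `Entry`, `Rule`, `Firewall` and `Sandbox` names are all assumptions made for the example. The point it shows is structural: the sandbox keeps its own copy of isolated entries and holds no reference to the protected store, so follow-up inspection cannot touch the native data.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Constructed sample data types for the example (not from the page).
@dataclass
class Entry:
    source: str    # where the entry came from, e.g. a network peer
    kind: str      # "program", "text" or "image"
    payload: bytes

@dataclass
class Rule:
    name: str
    matches: Callable[[Entry], bool]
    action: str    # "pass", "block" or "sandbox"

# Pre-selected criteria. These particular rules are assumptions for the
# example, not criteria taken from the patent text. Order matters: the
# first matching rule decides.
RULES: List[Rule] = [
    Rule("oversized", lambda e: len(e.payload) > 4096, "block"),
    Rule("pe-executable", lambda e: e.payload[:2] == b"MZ", "sandbox"),
    Rule("script-in-text",
         lambda e: e.kind == "text" and b"<script" in e.payload.lower(), "sandbox"),
    Rule("macro-in-document",
         lambda e: e.kind == "text" and b"AutoOpen" in e.payload, "sandbox"),
]

@dataclass
class ProtectedStore:
    """Stands in for the native DB/KB; only admitted entries reach it."""
    rows: List[Entry] = field(default_factory=list)

@dataclass
class Sandbox:
    """Isolated holding area. It keeps its own list and holds no reference
    to the ProtectedStore, so inspection happens out of contact with it."""
    held: List[Tuple[str, Entry]] = field(default_factory=list)

    def inspect(self) -> List[str]:
        # Follow-up inspection works on the copies held here; this toy
        # version only reports which rule caused the isolation.
        return [f"{e.source}:{rule}" for rule, e in self.held]

def decide(entry: Entry, rules: List[Rule]) -> Tuple[str, str]:
    """Return (action, rule_name) for the first matching rule; unmatched entries pass."""
    for rule in rules:
        if rule.matches(entry):
            return rule.action, rule.name
    return "pass", "default"

class Firewall:
    def __init__(self, rules: List[Rule], store: ProtectedStore, sandbox: Sandbox):
        self.rules, self.store, self.sandbox = rules, store, sandbox
        self.log: List[Tuple[str, str, str]] = []   # (source, action, rule)

    def admit(self, entry: Entry) -> str:
        action, rule = decide(entry, self.rules)
        if action == "pass":
            self.store.rows.append(entry)          # reaches the protected zone
        elif action == "sandbox":
            self.sandbox.held.append((rule, entry))  # isolated for later inspection
        # "block": the entry is dropped and only logged
        self.log.append((entry.source, action, rule))
        return action

def run_demo() -> dict:
    """Feed constructed sample entries through the filter and report the outcome."""
    store, sandbox = ProtectedStore(), Sandbox()
    fw = Firewall(RULES, store, sandbox)
    samples = [  # constructed inputs, not real traffic
        Entry("peer-a", "text", b"quarterly report, plain text"),
        Entry("peer-b", "program", b"MZ\x90\x00" + b"\x00" * 60),
        Entry("peer-c", "text", b"hello <SCRIPT>alert(1)</SCRIPT>"),
        Entry("peer-d", "image", b"\x89PNG" + b"\x00" * 5000),
        Entry("peer-e", "text", b"Sub AutoOpen()\nEnd Sub"),
    ]
    for s in samples:
        fw.admit(s)
    return {
        "stored": [e.source for e in store.rows],
        "sandboxed": sandbox.inspect(),
        "blocked": [src for src, act, _ in fw.log if act == "block"],
    }

if __name__ == "__main__":
    print(run_demo())
```

Only `peer-a` reaches the protected store; the executable, the scripted text and the macro document are held in the sandbox, and the oversized image is dropped outright. The same structure applies whether the "entries" are network packets, mail attachments or files from removable media: what changes is the set of criteria, not the separation between the protected store and the holding area.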
Such verification makes use of the native hardware and software of the computer to be protected. Therefore, even when the users of the protected computers actively supervise the verification, professional crackers can breach the firewall. Moreover, not only suspicious programs can carry worms and Trojan horses: textual and/or graphic messages taken from the Internet, inoffensive in appearance, may turn out to be such carriers as well.
More effective are firewalls that:
are inserted automatically upon detecting, in messages received via communication links, such patterns of activity as indicate an attempted breach of the security system (U.S. Pat. No. 6,304,975); or
are equipped with additional input-output interfaces that use codes of the ‘friend-or-foe’ type well known to those skilled in the art.
However, automatically controlled software firewalls are not effective when crackers use cracking software that has not been anticipated in the protection program, and the use of said codes is actually possible only in a relatively closed network of the Ethernet type, where each user receives the ‘friend’ code before making contact.
Therefore, the creation of firewalls for such PCs and computer systems as must operate in the mode of free data exchange with other computers via arbitrary communication links, and particularly via the Internet, remains a pressing problem.
To overcome that problem, it is advisable to use additional hardware having its own native software. According to the available data, the method and device closest to the method and device of the invention are the method and device for protecting computer memory against unauthorized access by outside users via the Internet disclosed in U.S. Pat. No. 6,061,742.
The known method is based on separating the data received from an external network via public communication links from the instructions, coming from the protected computer, that control the processing of those data.
To practice the method, an intermediate network adapter is proposed that comprises:
a first interface for data exchange between the external network and the adapter, a second interface for data exchange between the adapter and the native network interface of the protected computer, and
an external controller (processor) connected to said network adapter and designed for separating the data received from the external network via the first interface from the instructions incoming from the protected computer via the second interface.
Such an increase in the number of ‘moderators’ between individual computers (including those incorporated in a local network having a common control center) and an external network reduces the risk of unauthorized access to the protected data via Telnet, FTP or SNMP, but it does not exclude cracking of DB and/or KB and/or damage to SW when new network protocols are used. Indeed, the known arrangement does not provide complete isolation of the LTS and OS of the protected computer against attacks from outside.