Internet security has increasingly become the focus of information technologists who participate in globally accessible computer networks. In particular, with the availability and affordability of broadband Internet access, even within the small enterprise, many computers and small computer networks enjoy continuous access to the Internet. Notwithstanding, continuous, high-speed access is not without its price. Specifically, those computers and computer networks which heretofore had remained disconnected from the security risks of the Internet now have become the primary target of malicious Internet malfeasors.
To address the vulnerability of computing devices exposed to the global Internet, information technologists intend to provide true, end-to-end security for data in the Internet through secure communications. The Internet Security Protocol, known in the art as “IPsec”, represents a common form of secure communications for use over the Internet. In IPsec, communications between source and destination nodes over a communications path in the Internet can be administered in accordance with a security association (“SA”). An SA defines how IPsec processing is applied to the communication. IPsec is defined in Request for Comments (RFC) 2401, superseded by RFC 4301, among other RFCs.
The secured communications path defined between two IPsec endpoints often incorporates one or more security enforcement points, such as a firewall. Security enforcement points are often positioned in the midst of an IPsec secure communications path and do not perform IPsec SA processing. In this circumstance, a security enforcement point positioned within the secure communications path has no method for inspecting the encrypted data of a traversing IPsec SA. Consequently, the security function of a security enforcement point in a secure IPsec communications path becomes inoperable, as most security functions require access to unencrypted, clear-text data. Current systems generally do not provide security enforcement points with the encryption algorithms or session key information they would need to perform their functions correctly.
Therefore, a need exists to overcome the problems with the prior art as discussed above.