Currently, the public at large increasingly uses the Internet as a source of information and as a means of communication. Thus, many networks that otherwise wish to maintain a high level of security need to share or expose limited data or resources, or to import data from parties who are not trusted, without opening a “hole” into their sensitive resources. For example, in electronic commerce (e-commerce) applications, a company maintaining an “Internet store” would like to expose the “Internet store”, but definitely would not be willing to jeopardize the company's internal accounting database by doing so. In another example, a telecommunications company may want to provide its clients with online monthly statements, but would not be willing to take the chance of a “hacker” breaking into its telecom switches through this online connection. In still another example, a classified military base might want to import weather forecast information without the possibility that sensitive information would leak outside.
Today's methods of connecting networks use technologies developed for general connectivity. These technologies consist of complex communication protocols that were developed to allow interoperability among different software and hardware elements, and to provide flexibility, diversity, robustness and transparency. A major example of such protocols is the TCP/IP (Transmission Control Protocol/Internet Protocol) family of protocols. Other examples of protocols are DECnet, SNA and Novell. Security was not a dominant consideration while the technology for general connectivity was being developed. Furthermore, security and robustness are, by nature, at least in part contradictory to each other. More specifically, the higher the complexity level of a system, the greater the chance that it contains some vulnerability that a hacker can exploit when attacking it.
In order to address the deficiency of security in the general connectivity methods, firewalls, which are generally implemented in complex software, were introduced. A firewall is typically located at a network node that monitors all communication passing into the network from an external source such as another network. FIG. 1 illustrates an example of a firewall (FW) used to connect an internal network NET2 with an external network NET1. In this example, external network NET1 is a WAN (Wide Area Network) such as the Internet, and NET2 is a LAN (Local Area Network), although the principles of the invention apply to networks generally.
A significant purpose of firewall FW is to block communications from NET1 that are suspected of being hostile. However, this is a patch to the problem and not a real solution, for the following reasons:
1. The firewall is a node in the internal network NET2. As such, the firewall is susceptible to attacks on its operating system, protocols or applications by a hacker. Once the firewall node is taken over, the entire firewall functionality can be overridden and disabled by the hacker. Since the firewall is the last line of defense for entry into the network, when the firewall fails the internal network is exposed.
2. The firewall attempts to be transparent to applications and to be flexible enough for all the configurations the organization operating NET2 may require. The firewall also relies entirely on a human administrator to configure it to separate “good” from “bad” communications. Since the needs of the organization using NET2 constantly change, the software configuration of the firewall is constantly changed to accommodate those needs. As a result of these frequent changes, the probability of a mistake being made that could compromise the security of the network increases.
3. The firewall itself must be a complicated system in order to “understand” the communication passing through it. As such, the firewall may contain software bugs, design flaws or unhandled cases that can be exploited by a hacker. In addition, it is sometimes impossible to determine whether a communication is valid without access to a broader context that may be unavailable to the firewall.
4. In order to accommodate regular and transparent connectivity, the firewall is usually allowed to pass all kinds of management and internal protocols. Since clients are often unaware of this, they may not take it into consideration when assessing the risks of using the firewall. For example, when importing a file into the network, it is usually necessary to configure the firewall so that it will allow FTP (File Transfer Protocol), TCP, DNS (Domain Name System), ICMP (Internet Control Message Protocol) and other control messages to pass through.
Hence, there is a need for a new technology that is built with security in mind from the beginning, and which will provide a very specific and important kind of connectivity between an internal network and an external network.