When providing security for a network, one traditional method is a firewall at the perimeter of the network. However, it is desirable to allow authorized users to connect to the network remotely. For example, a corporation may wish to allow its employees to connect to a corporate network from home. While a perimeter firewall protects the network from unauthorized access from remote devices, it may not be effective in protecting against a security breach originating from an authorized device. For example, an employee may present a security risk due to his home computer being compromised.
One conventional method of providing security for a network is via software-implemented firewalls. While software firewalls may be implemented on devices that are physically remote from the network, the software firewalls are susceptible to attacks from Trojan programs and other hacking methods. For example, the data may flow from a communication device providing the network interface to a host device's operating system software stack, where the software firewall performs its rule checks to determine whether the data should proceed further up the software stack. (And for outbound data, the software firewall again resides at a point well above the network interface.) Numerous examples have been reported in which such software firewalls have been compromised.
Thus, while a corporation may desire that its employees are able to access portions of the corporate network from home or elsewhere outside the office, this presents significant security concerns. Even if the corporation provides its employees with a software firewall for their home computers, an employee's computer may be compromised without the employee's knowledge by a Trojan program, for example. Furthermore, when the employee logs into the corporate network, the perimeter firewall inside the corporate network provides little security.
Other conventional methods provide for a hardware-implemented firewall by implementing a firewall on a network interface card (NIC). The corporation may then provide each employee with such a NIC. So long as the employees use these NICs, the network may be protected better than with software firewalls. However, many individuals already have legacy NICs without such firewalls. If the employee uses such a legacy NIC to connect to the corporate network, corporate network security may be compromised as the employee's computer is left unprotected.
Thus, a need has arisen for a way to prevent unauthorized access to a network. A still further need exists for a method that provides protection for a network that has devices making remote or local connections. An even further need exists for protection that is not easily defeated by hacking techniques such as Trojan programs.