The Internet, sometimes called simply “the Net,” is a worldwide system of computer networks—a network of networks in which users at any one computer can, if they have permission, get information from any other computer (and sometimes talk directly to users at other computers). It was conceived by the Advanced Research Projects Agency (ARPA) of the U.S. government in 1969 and was first known as the ARPANET. The original aim was to create a network that would allow users of a research computer at one university to be able to “talk to” research computers at other universities. A side benefit of ARPANET's design was that, because messages could be routed or rerouted in more than one direction, the network could continue to function even if parts of it were destroyed in the event of a military attack or other disaster.
Today, the Internet is a public, cooperative, and self-sustaining facility accessible to hundreds of millions of people worldwide. Physically, the Internet uses a portion of the total resources of the currently existing public telecommunication networks. Technically, what distinguishes the Internet is its use of a set of protocols called TCP/IP (for Transmission Control Protocol/Internet Protocol). Two recent adaptations of Internet technology, the intranet and the extranet, also make use of the TCP/IP protocol.
For many Internet users, electronic mail (e-mail) has practically replaced the Postal Service for short written transactions. Electronic mail is the most widely used application on the Net. You can also carry on live “conversations” with other computer users, using Internet Relay Chat (IRC). More recently, Internet telephony hardware and software allows real-time voice conversations.
The most widely used part of the Internet is the World Wide Web (often abbreviated “WWW” or called “the Web”). Its outstanding feature is hypertext, a method of instant cross-referencing. In most Web sites, certain words or phrases appear in text of a different color than the rest; often this text is also underlined. When you select one of these words or phrases, you will be transferred to the site or page that is relevant to this word or phrase. Sometimes there are buttons, images, or portions of images that are “clickable.” If you move the pointer over a spot on a Web site and the pointer changes into a hand, this indicates that you can click and be transferred to another site.
Using the Web, you have access to millions of pages of information. Web browsing is done with a Web browser, the most popular of which are Microsoft Internet Explorer and Netscape Navigator. The appearance of a particular Web site may vary slightly depending on the browser you use. Also, later versions of a particular browser are able to render more “bells and whistles” such as animation, virtual reality, sound, and music files, than earlier versions.
Because the Internet is today a public, cooperative, and self-sustaining facility accessible to hundreds of millions of people worldwide, its security is of the first importance, and systems such as firewalls are used to provide that security, as shown in FIG. 4.
A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.
Basically, a firewall, working closely with a router program (a logical device that routes network information across networks, for example forwarding network packets from the private network to the Internet), examines each network packet to determine whether to forward it toward its destination. A firewall also includes, or works with, a proxy server that makes network requests on behalf of workstation users. A firewall is often installed on a specially designated computer separate from the rest of the network so that no incoming request can reach private network resources directly.
There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and Internet Protocol (IP) addresses. For mobile users, firewalls allow remote access into the private network through secure logon procedures and authentication certificates.
However, the protection a firewall provides is limited to the operating system level. At the operating system level, the TCP/IP network protocol is monitored and filtered by the firewall. But applications use their own protocols on top of TCP/IP; for example, a Web browser uses the HTTP application protocol, carried over TCP/IP, to communicate with a Web server. Because TCP/IP carries the application data as an opaque payload, a firewall that filters only at the operating system level is not aware of the HTTP protocol: it does not examine the contents carried in HTTP and forwards the packet as soon as its addresses and ports are acceptable, without checking those contents.
U.S. Pat. No. 6,499,107 discloses a method of identifying and stopping subsequent attacks based on the attack signature left after a first attack. The method does not prevent the first attack; it uses the signature that attack leaves behind to identify and prevent subsequent attacks. There is a need for a method that prevents the attacks in the first place.
U.S. Pat. No. 6,496,935 discloses a method of accelerating the process of firewall filtering, but the filtering is carried out only at the operating system level, that is, it deals with TCP/IP only. It does not filter the contents at the application level. There is a need for a method that filters application level protocols, such as but not limited to HTTP, at the application level.
Published U.S. patent application No. 20030009689 discloses a method of relaying a messaging protocol from a network node inside a firewall-protected network to the network outside the firewall by traversing the firewall with the messaging protocol. The traversal is carried out to enable two-way communication between the network node inside the firewall and the outside, which is otherwise difficult. But the method does not verify the contents of the messaging protocol for compliance, leaving room for attacks on the application environment. There is a need for a method that interprets the complete contents of the messaging protocol, or application network protocol, and checks them for compliance with the protocol specification published by the IETF, thus preventing attacks on the application environment.
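To illustrate the gap described above, and the address-based screening method discussed earlier, the following Python program is offered as an added example; it is not code from the patent or from any of the cited references. It places an operating system level screen, which decides on source address and destination port alone and never reads the TCP payload, beside an application level screen that parses the HTTP request head against a simplified form of the RFC 2616 request-line and header grammar and rejects anything outside that grammar or the site policy. The permitted source networks, the web server address, the permitted methods, the length and count limits, and the four sample requests are all constructed assumptions for this example.

```python
import ipaddress
import re

# Constructed policy for this example (not from the patent): only hosts in these
# networks may reach the web server, and only on TCP port 80.
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/24"),
                   ipaddress.ip_network("198.51.100.0/25")]
WEB_SERVER = ("203.0.113.10", 80)


def packet_filter(src_ip, dst_ip, dst_port, payload):
    """Operating system level screen: decide on addresses and port only.

    The TCP payload is accepted as an opaque byte string and never inspected,
    which is exactly the limitation the text describes."""
    src = ipaddress.ip_address(src_ip)
    if (dst_ip, dst_port) != WEB_SERVER:
        return False
    return any(src in net for net in ALLOWED_SOURCES)


# Simplified HTTP/1.1 grammar (RFC 2616 sections 4.2 and 5.1): a token is one or
# more of the characters below; a header field is "name: value".
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
REQUEST_LINE = re.compile(rf"^({TOKEN}) (\S+) HTTP/(\d)\.(\d)$")
HEADER_LINE = re.compile(rf"^({TOKEN}):[ \t]*([\x20-\x7e\t]*)$")
ALLOWED_METHODS = {"GET", "HEAD", "POST"}      # assumed site policy
MAX_LINE_LEN = 1024                            # assumed per-line limit
MAX_HEADERS = 50                               # assumed header-count limit


def check_http_request(raw):
    """Application level screen: parse the request head and return (ok, reason).

    Anything outside the grammar or the policy above is rejected before the
    request is allowed to reach the web server."""
    if b"\r\n\r\n" not in raw:
        return False, "request head not terminated by CRLFCRLF"
    head = raw.split(b"\r\n\r\n", 1)[0]
    try:
        text = head.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII byte in request head"
    lines = text.split("\r\n")
    for line in lines:
        if len(line) > MAX_LINE_LEN:
            return False, "line exceeds %d bytes" % MAX_LINE_LEN
        if "\r" in line or "\n" in line:
            return False, "bare CR or LF inside a line"
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return False, "malformed request line"
    method, target, major, minor = m.groups()
    if method not in ALLOWED_METHODS:
        return False, "method %s not permitted" % method
    if (major, minor) not in (("1", "0"), ("1", "1")):
        return False, "unsupported HTTP version"
    if not (target.startswith("/") or target.startswith("http://")):
        return False, "request target is neither absolute path nor absolute URI"
    if len(lines) - 1 > MAX_HEADERS:
        return False, "too many header fields"
    headers = {}
    for line in lines[1:]:
        h = HEADER_LINE.match(line)
        if not h:
            return False, "malformed header field: %r" % line[:40]
        name, value = h.group(1).lower(), h.group(2).strip()
        if name in headers and name in ("host", "content-length"):
            return False, "duplicate %s header" % name
        headers[name] = value
    if (major, minor) == ("1", "1") and "host" not in headers:
        return False, "HTTP/1.1 request without Host header"
    if "content-length" in headers and not headers["content-length"].isdigit():
        return False, "non-numeric Content-Length"
    return True, "compliant"


# Constructed sample requests (not captured traffic).
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: test\r\n\r\n"
OVERLONG = b"GET /" + b"A" * 3000 + b" HTTP/1.0\r\n\r\n"
INJECTED = b"GET / HTTP/1.1\r\nHost: www.example.com\nX-Forged: yes\r\n\r\n"
BAD_METHOD = b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def screen(src_ip, payload):
    """Run both screens on one packet sent to the web server; return both verdicts."""
    network_ok = packet_filter(src_ip, WEB_SERVER[0], WEB_SERVER[1], payload)
    app_ok, reason = check_http_request(payload)
    return network_ok, app_ok, reason


if __name__ == "__main__":
    for label, req in [("good", GOOD), ("overlong", OVERLONG),
                       ("injected", INJECTED), ("bad method", BAD_METHOD)]:
        print(label, screen("192.0.2.5", req))
```

Run from the permitted source 192.0.2.5, all four requests pass packet_filter, since it sees only an acceptable address and port 80; only check_http_request distinguishes the compliant request from the overlong request line, the header containing a bare LF, and the method the policy does not allow. This is the distinction the text draws between filtering at the operating system level and checking the contents of the application protocol.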
Examples of published documents that disclose technologies that perform only operating system level verification, but do not do application level packet filtering, are:
i) IEEE published document, part of the 13th Annual Computer Security Applications Conference (ACSAC '97), Dec. 8-12, 1997, San Diego, Calif., Title: A reference model for firewall technology, Internet URL: http://computer.org/proceedings/acsac/8274/82740133abs.htm;
ii) IEEE published document, part of the 2000 IEEE Symposium on Security and Privacy (S&P 2000), May 14-17, 2000, Berkeley, Calif., p. 0177, Title: Fang: A Firewall Analysis Engine, Internet URL: http://computer.org/proceedings/sp/0665/06650177abs.htm;
iii) U.S. Pat. No. 5,832,208, which discloses an anti-virus agent for use with databases and mail servers that principally detects and removes computer viruses located in attachments to e-mail messages. It does not prevent unknown viruses from attacking the systems in the network.
Such limitations are often used to advantage by attackers, who attack servers by exploiting flaws in the various implementations of Internet application protocols such as but not limited to HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol), SSH (Secure Shell) and HTTPS (HyperText Transfer Protocol Secure). These application network protocols are implemented at the application level, which an operating system level firewall does not inspect, leaving every such application vulnerable to attack.
The attacks include, but are not limited to, stealing private information, trade secrets and other important information held on the computers in the private network or in the home.