1. Field of the Invention
The present application is related generally to a data processing system and in particular to a method and apparatus for network security. More particularly, the present application is directed to a computer-implemented method, apparatus, and computer usable program code for an origin security check to authenticate a user to a network.
2. Description of the Related Art
Currently, computer network security is of increasing importance due to the often sensitive nature of information stored on commercial and governmental network computers and databases. For example, the computers and databases on a bank's Ethernet network may contain customer names, account balances, bank account numbers, addresses, phone numbers, social security numbers, and other confidential and personal information. An unauthorized user may be able to access one or more of the bank's computers and/or databases locally from a computer connected to the Ethernet. The bank's computers may also be connected to a remote network, such as the Internet. In such a case, an unauthorized user may be able to obtain access to the bank's computer system remotely through the Internet connection.
Current network security options designed to prevent an unauthorized user from obtaining access to a local area network (LAN) include a firewall. A firewall is an information technology security device that acts as an intermediary between a network in a low trust zone, such as the Internet, and an internal network in a high trust zone, such as an Ethernet network. A high trust zone is a zone within a network or data processing system that imposes security measures to secure data. For example, a high trust zone may require users to be authenticated with a security password. Thus, users that gain access to a high trust zone are trusted. A low trust zone typically requires minimal or no security clearance to access the zone. Therefore, users in a low trust zone are less trusted because they have not been authenticated as trusted or authorized users.
The network firewall typically prevents users in the low trust zone network from obtaining access to an internal network without a valid user authentication. A user authentication protocol typically requires a client requesting access to the network to enter a user name and password. The user name and password are verified to ensure the user is authorized to access the internal network before allowing the client to connect. Thus, the firewall is intended to prevent unauthorized access to a network.
However, if a hacker is able to breach the network firewall, the hacker may be able to sniff passwords and user names from the internal network. The hacker may then be able to log on to the internal network by using an authorized user's name and password that the hacker has commandeered. Once the hacker has gained access to the system, the hacker may be able to access sensitive information stored on the internal network.
Telnet is a terminal emulation program that is used by a client computer to connect to a server on a network. A client starts a telnet session by logging in to a server using a valid user name and password. However, telnet sessions are unencrypted. Telnet does not encrypt any data, including user names and passwords, sent over the telnet connection. Therefore, if a hacker is able to access a router, switch, or gateway located on the network path between a client and a server that are communicating over telnet, the hacker may be able to view the unencrypted user names and passwords. The hacker may then use the snooped user name and password to access other protected resources.
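The exposure described above is something a network defender can detect from the traffic itself. The following Python detector is an added example and is not part of the patent text or of any telnet implementation: it takes the application data of one TCP connection, already reassembled into per-direction segments (the sample segments below are constructed for illustration), strips telnet option negotiation, and flags a connection in which the server issued a login or password prompt and the client answered it in cleartext. The prompt strings are an assumption and would be tuned to the environment; the alert deliberately reports only that credentials were exposed and how long they were, never the values.

```python
"""Detect cleartext telnet-style login exchanges in reassembled TCP payload.

Added example, not from the patent text. Assumes a capture has already been
reassembled into (direction, bytes) records for a single TCP connection.
"""
from dataclasses import dataclass
from typing import List, Optional

# Prompt strings a telnet login banner typically ends with. Servers may be
# localised or customised, so this list is an assumption to be tuned per site.
LOGIN_PROMPTS = (b"login:", b"username:", b"user:")
PASSWORD_PROMPTS = (b"password:",)


@dataclass
class Segment:
    """Application data flowing in one direction within the connection."""
    from_server: bool
    data: bytes


@dataclass
class Finding:
    """Alert payload: which credential fields were seen, and their lengths only."""
    dst_port: int
    username_exposed: bool
    password_exposed: bool
    username_len: int
    password_len: int


def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove IAC command sequences (RFC 854) so only user-visible text remains."""
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] == 0xFF and i + 1 < len(data):
            cmd = data[i + 1]
            if cmd in (0xFB, 0xFC, 0xFD, 0xFE):  # WILL/WONT/DO/DONT carry an option byte
                i += 3
            elif cmd == 0xFA:  # SB ... IAC SE subnegotiation block
                end = data.find(b"\xff\xf0", i + 2)
                i = len(data) if end < 0 else end + 2
            else:  # two-byte command (NOP, GA, etc.)
                i += 2
            continue
        out.append(data[i])
        i += 1
    return bytes(out)


def analyse_connection(dst_port: int, segments: List[Segment]) -> Optional[Finding]:
    """Return a Finding if the server prompted for a user name or password and the
    client replied in cleartext; return None when no credential exchange is seen."""
    expecting: Optional[str] = None   # "user" or "password" after a matching prompt
    buf = bytearray()                 # client bytes since the prompt (line or char mode)
    lens = {"user": 0, "password": 0}

    def flush() -> None:
        nonlocal expecting
        if expecting is not None:
            first_line = bytes(buf).split(b"\r")[0].split(b"\n")[0].strip()
            lens[expecting] = len(first_line)
        expecting = None
        buf.clear()

    for seg in segments:
        text = strip_telnet_negotiation(seg.data)
        if seg.from_server:
            # Only a prompt at the END of the server text counts, so a banner such as
            # "Last login: Tue ..." after a successful login is not mistaken for a prompt.
            tail = text.lower().rstrip()
            if any(tail.endswith(p) for p in PASSWORD_PROMPTS):
                flush()
                expecting = "password"
            elif any(tail.endswith(p) for p in LOGIN_PROMPTS):
                flush()
                expecting = "user"
        elif expecting is not None:
            buf.extend(text)
            if b"\n" in buf or b"\r" in buf:   # client finished the line
                flush()
    flush()

    if lens["user"] == 0 and lens["password"] == 0:
        return None
    return Finding(dst_port, lens["user"] > 0, lens["password"] > 0,
                   lens["user"], lens["password"])


# Constructed sample: one telnet login exchange, including option negotiation
# and the server echoing the user name. Credentials here are made up.
SAMPLE_SEGMENTS = [
    Segment(True, b"\xff\xfd\x18\xff\xfd\x20"),                    # IAC DO TTYPE, IAC DO TSPEED
    Segment(False, b"\xff\xfc\x18\xff\xfc\x20"),                   # IAC WONT TTYPE, IAC WONT TSPEED
    Segment(True, b"Example OS 1.0\r\nrouter1 login: "),
    Segment(False, b"alice\r\n"),
    Segment(True, b"alice\r\nPassword: "),
    Segment(False, b"hunter2-example\r\n"),
    Segment(True, b"\r\nLast login: Tue Jan  2 10:00:00 2024\r\nrouter1$ "),
]

if __name__ == "__main__":
    print(analyse_connection(23, SAMPLE_SEGMENTS))
```

Run against the constructed connection, the detector reports a 5-character user name and a 15-character password sent in cleartext to port 23; a connection carrying only an SSH banner produces no finding. The same logic applies to any reassembled cleartext session, not only telnet on port 23.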
Thus, current solutions do not provide an effective means to prevent a hacker from gaining unauthorized access to protected network resources using a valid user name and password that the hacker obtained by hacking into a network.