1. Technical Field
The present disclosure relates to security and, more particularly, to methods and systems for computer security.
2. Description of the Related Art
With the growth of the Internet, the increased use of computer systems and the exchange of information between individual users pose a threat to the security of computers. Computer security attempts to ensure the reliable operation of networking and computing resources and attempts to protect information on the computer or network from unauthorized access or disclosure. Computer system(s) as referred to herein may include individual computers, servers, computing resources, networks, etc. Among the various security threats that present increasingly difficult challenges to the secure operation of computer systems are hypertext transfer protocol (HTTP) attacks, computer viruses, worms, Trojan horses, etc. HTTP attacks are often targeted at exploiting known web site vulnerabilities by manipulating application behavior for malicious purposes. Computer viruses are programs that can infect other programs by modifying them in such a way as to include a copy of themselves. Unlike computer viruses, worms do not need to infect other programs. Worms are independent programs that are capable of reproducing themselves, spreading from machine to machine across network connections.
These threats prey on system vulnerabilities and have proven themselves to be extremely destructive, oftentimes altering databases, destroying electronic files, and even disabling the computer network itself.
System administrators responsible for the efficient day-to-day operation of computer networks may use many different techniques to protect the system from such attacks. Those techniques may include installing firewalls, utilizing virus checking software to detect viruses, and employing patching software to counteract contracted viruses.
A firewall is basically a separate computer system and/or software system composed of a set of related programs that is placed between a private computer system and a public network (i.e., Internet). A firewall provides security protection to the system by screening incoming requests and preventing unauthorized access. Firewalls operate by working with router programs to determine the next destination to send information packets, ultimately deciding whether or not to forward the packets to that location. Firewalls can also impose internal security measures on users in the system by preventing them from accessing certain materials, such as websites on the World Wide Web, that may have unknown and potentially dangerous security consequences.
Proxy servers, often associated with firewalls, are programs that act as intermediaries between web servers and web browsers. More specifically, proxy servers forward requests from users in the private network through the firewalls to Internet services, retrieve the requested information, and return it to the web server. Reverse proxy servers work like normal proxies; however, they operate in the reverse. That is, they forward requests from the Internet often through a firewall to the private network's server(s) and other hardware, retrieve the requested information, and return it to the Internet user.
Virus checking software operates to protect the network from the spread of viruses by detecting the virus and isolating or removing the viral code. Virus checking software may be employed in each computer connected to the network (through the desktop) and/or at the server level (through a firewall). Virus checking software may contain a list of previously defined virus signatures, containing binary patterns, each associated with a virus. The system scans the various files of the system looking for a match to a particular virus signature. If a virus is detected, the user is notified and further steps may be taken to rid the system of the malicious code. The problem with anti-virus programs is that they should be continuously updated to be able to detect new and modified viruses. This not only proves to be a very tedious and time-consuming task for very large networks that have hundreds of users, but even for small networks and individual computer users, it may not happen often enough to provide adequate safeguards against foreign intrusions. Furthermore, although the anti-virus software may detect viruses present in the system, it does nothing to prevent them from infiltrating the system in the first place.
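The following is an added illustration, not part of the original disclosure, of the signature scanning described above: files are matched against a list of binary patterns, and a modified variant goes undetected until the list is updated. The signature names, byte patterns and file contents are constructed, inert sample values.

```python
# Added illustration: signature-based scanning as the paragraph describes it.
# All names, signatures and sample buffers are constructed for this example.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # binary pattern associated with one virus

def find_all(data: bytes, pattern: bytes) -> list[int]:
    """Return every offset at which pattern occurs in data."""
    offsets, start = [], data.find(pattern)
    while start != -1:
        offsets.append(start)
        start = data.find(pattern, start + 1)
    return offsets

def scan(files: dict[str, bytes], signatures: list[Signature]) -> dict:
    """Scan each file against each signature; map path -> [(name, offset)]."""
    report = {}
    for path, data in files.items():
        hits = [(s.name, off) for s in signatures
                for off in find_all(data, s.pattern)]
        if hits:
            report[path] = sorted(hits, key=lambda h: h[1])
    return report

# Constructed sample data: inert byte strings standing in for file contents.
SIG_A = Signature("Sample.A", bytes.fromhex("deadbeef0102"))
FILES = {
    "clean.bin":    b"\x00" * 8 + b"ordinary data",
    "infected.bin": b"hdr" + bytes.fromhex("deadbeef0102") + b"tail",
    "variant.bin":  b"hdr" + bytes.fromhex("deadbeef0103") + b"tail",  # 1 byte differs
}

def demo():
    """Scan with the original list, then again after a signature update."""
    before = scan(FILES, [SIG_A])  # the modified variant is missed here
    sig_b = Signature("Sample.B", bytes.fromhex("deadbeef0103"))
    after = scan(FILES, [SIG_A, sig_b])  # detected only once the list is updated
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before update:", before)
    print("after update: ", after)
```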
Patching is the process by which security holes and system vulnerabilities are closed through the application of a “patch”, updated software code that is used to address bugs. However, in large companies, to ensure that the application of a patch will be feasible, system administrators are forced to comply with specific procedures before applying patches, for example, to ensure that the patch will do no further damage to the system. These procedures often take time and increase the chances that an exploit will be able to compromise the organization's web servers before the patch is even applied. In addition, a more prevalent problem with patches is that system administrators of large and small companies alike need to continuously monitor appropriate information sources to be aware of new patches. Thus, administrators are burdened with continuously keeping up to date to minimize the chance of security breaches.
An example of an email system is shown in FIG. 2. The system includes an email server 21 and clients 24 which may or may not be on the same network. Email destined for clients 24 is received from the Internet 26 and stored in email server 21. Clients 24 can then access their email by, for example, sending a request to email server 21.
The use of malicious email to spread viruses has grown along with the growth of the Internet. An email attack may be carried out by including malicious code in the body of the email message itself or in any attachments to the email. For example, email viruses exist in which malicious code is included in the email message or in the attachments to the email. When the email or attachment is opened, the malicious code is downloaded to the user's computer system. The malicious code may then email copies of itself to other systems utilizing addresses located in email address books found on the user's computer system. These are examples of the types of attack which can be addressed by the present disclosure.
Accordingly, it would be beneficial to provide a method and system for preventing security breaches and ensuring that exploitation of system vulnerabilities will not come to light.