Communication network gateway devices, such as network firewalls, govern the passage of information in and out of a given network or individual network nodes, such as a personal computer.
Presently, various types of network firewalls exist to prevent unauthorized communications from entering or leaving the network. Such communications are exchanged, for example, between internal nodes within the network and external nodes outside of the network. These network firewalls filter information based on address information, for example an Internet Protocol (IP) address and respective port, communication protocol, for example a User Datagram Protocol (UDP) or a Transmission Control Protocol (TCP), or application protocol, wherein the state of an application is monitored to ensure that the application is requesting a communication channel in accordance with expected behavior.
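The address- and protocol-based filtering just described can be shown in a few dozen lines. The following is an added example, not text or code from the original document: a first-match rule evaluator that classifies a packet by source and destination address (CIDR prefixes), transport protocol, and destination port, falling back to a default-deny verdict when no rule matches. The `Packet` and `Rule` types, the rule set, and the addresses (taken from the RFC 1918 and documentation ranges) are all constructed for illustration; application-layer state tracking, which the text also mentions, is outside this stateless example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Minimal view of a packet header: the fields a stateless filter inspects."""
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # transport protocol, "tcp" or "udp"
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    """A filter rule; any field left as None matches everything (a wildcard)."""
    action: str                   # "allow" or "deny"
    src: Optional[str] = None     # CIDR prefix, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def decide(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation: the first rule whose fields all match decides.
    If nothing matches, the default (deny) applies, so anything not explicitly
    permitted is blocked."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed policy: internal hosts (10/8) may reach the web server on TCP/443
# and the SSH bastion on TCP/22; all UDP is dropped; everything else is denied
# by the default.
POLICY: List[Rule] = [
    Rule("deny", proto="udp"),
    Rule("allow", src="10.0.0.0/8", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("allow", src="10.0.0.0/8", dst="192.0.2.20/32", proto="tcp", dport=22),
]


if __name__ == "__main__":
    samples = [
        Packet("10.1.2.3", "192.0.2.10", "tcp", 443),     # internal -> web: allow
        Packet("10.1.2.3", "192.0.2.10", "udp", 53),      # UDP: explicit deny
        Packet("198.51.100.7", "192.0.2.10", "tcp", 443), # external source: default deny
    ]
    for p in samples:
        print(p, "->", decide(POLICY, p))
```

Rule order matters under first-match semantics: the UDP deny sits first so that a later, broader allow cannot accidentally permit it, and the default-deny fallback is what makes the filter fail closed.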
Other tools that govern network communications include content filtering and virus detection tools.
Content filtering tools are typically employed to permit or prevent access to code, control, data, mobile code, application state, service state, machine state (including virtual machines), or other services (herein referred to as “information” or “content”). For example, content filtering can be used to permit or deny access to information, such as proprietary materials (e.g. company secrets), licensed content (e.g. movies or applications), or obscene or other objectionable material. Such filtering tools govern access to information based on content headers (e.g. magic numbers denoting file types), content signatures (e.g. cryptographic hashes over some portion of, or possibly the entire, payload), payload type, network addresses, keyword searches and pattern matching, or rating information provided by the author of the material or by a review board.
Virus detection tools are also used to filter network communications, often at network gateway choke points, to prevent the reception, infection, or transmission of malicious information (e.g. code or data) such as worms, viruses, Trojan horses, etc., between networks or network entities. In the context of communication networks, virus detection tools scan payloads, searching attachments or files for virus code. Typically these searches look for specific strings or code segments identified in a master database.
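The content-filtering mechanisms of the previous paragraph (content headers such as magic numbers, cryptographic hashes over the payload) and the string-based virus scanning of this one share one inspection pipeline, so a single added example covers both. It is not code from the original document: a payload scanner that identifies the file type from its leading magic bytes, computes a SHA-256 digest and checks it against constructed allow and deny lists, searches for signature byte strings, and finally applies a type-based policy. The magic-number table uses real prefixes for ELF, PE, PDF and PNG files; the signature string, the hash lists and the policy are constructed placeholders.

```python
import hashlib
from typing import Dict, List, Set

# Leading bytes ("magic numbers") that identify common file types.
MAGIC: Dict[bytes, str] = {
    b"\x7fELF": "elf",                 # Linux executable
    b"MZ": "pe",                       # Windows executable
    b"%PDF": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
}

# Constructed signature database: byte strings whose presence marks known
# malicious content. A real scanner would load thousands of these.
SIGNATURES: List[bytes] = [b"CONSTRUCTED-MALWARE-MARKER"]

# Constructed policy: raw executables are not allowed through the gateway
# unless their hash is on the allow list.
BLOCKED_TYPES: Set[str] = {"elf", "pe"}


def detect_type(payload: bytes) -> str:
    """Classify a payload by its magic number; 'unknown' if none matches."""
    for magic, name in MAGIC.items():
        if payload.startswith(magic):
            return name
    return "unknown"


def sha256_hex(payload: bytes) -> str:
    """Content signature: hash over the entire payload."""
    return hashlib.sha256(payload).hexdigest()


def find_signatures(payload: bytes) -> List[bytes]:
    """Return every signature string found anywhere in the payload."""
    return [sig for sig in SIGNATURES if sig in payload]


def scan(payload: bytes, blocked_hashes: Set[str], allowed_hashes: Set[str]) -> Dict[str, str]:
    """Produce a verdict and the reason for it. Precedence, most specific first:
    known-good hash, known-bad hash, signature hit, blocked type, then allow."""
    digest = sha256_hex(payload)
    ftype = detect_type(payload)
    result = {"type": ftype, "sha256": digest}
    if digest in allowed_hashes:
        result.update(verdict="allow", reason="allowed-hash")
    elif digest in blocked_hashes:
        result.update(verdict="deny", reason="blocked-hash")
    elif find_signatures(payload):
        result.update(verdict="deny", reason="signature")
    elif ftype in BLOCKED_TYPES:
        result.update(verdict="deny", reason="blocked-type")
    else:
        result.update(verdict="allow", reason="policy-default")
    return result


if __name__ == "__main__":
    # Constructed sample payloads.
    doc = b"%PDF-1.4 constructed harmless document"
    tool = b"\x7fELF" + bytes(16)
    tainted = b"%PDF-1.4 ... CONSTRUCTED-MALWARE-MARKER ..."
    for name, data in [("doc", doc), ("tool", tool), ("tainted", tainted)]:
        print(name, scan(data, blocked_hashes=set(), allowed_hashes=set()))
    # A licensed executable can be passed by placing its hash on the allow list.
    print("tool (allow-listed)", scan(tool, set(), {sha256_hex(tool)}))
```

The exact-hash lists capture the "predetermined list or database" the text refers to: they say nothing about content that has not been seen before, which is why the type check and signature search run as well, and why a single changed byte defeats a hash match but not a signature match.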
Services such as program execution control and authentication control also exist. For example, a computer wishing to launch an executable sequence must send a communication to a service on the network in order to determine if the user has permission to execute the program or, for example, to determine if the program has been illegally or maliciously tampered with. The service determines whether the program can execute. These and other prior methods either rely on a predetermined/pre-identified list or database to identify content (or classes of information), or only apply to specific information types requiring special payload structures, encodings, or packaging (e.g. digital rights management solutions).