A. Field of the Invention
The present invention relates generally to network security, and in particular to apparatus and methods for authenticating a user for allowing access to resources on a trusted network.
B. Description of the Prior Art
Trusted networks provide security limit access to network resources by controlling information passing to, from, and between the resources. For example, information transfer may be controlled by user identification and authentication, access security levels, and physical measures.
Protecting data residing in a company's trusted network is paramount. The most difficult security situations arise when the public is given access to the trusted network, such as through the Internet. Web servers residing between the trusted network and the Internet provide access to databases or legacy applications residing within the trusted network, and may provide unauthorized access to the trusted network from the Internet. Several techniques have been used to make trusted networks more secure from unauthorized access.
Firewalls are one of the most common forms of security. A firewall is a system or structure that limits outside access to a trusted network by limiting the path through which information may flow. For example, whenever the outside web server needs access to the trusted network, the web server submits a request through a firewall port. The port only allows certain protocols, such as HTML, to a specific machine on the trusted network. Firewalls alone are not adequate, however, because they control access based on the location of the user, rather than the identity of the user.
Middleware is also frequently used. Middleware replaces general protocols, such as HTML and SQL, with application-specific protocols. For example, an application issues a request for services in an application-specific form to the middleware residing in the trusted network. The middleware then receives the request and translates it to a general protocol understood by the server. Intruders, however, can monitor communications between the outside web server and trusted network server, and eventually identify the protocol and patterns of the packets being handled by the middleware. Based on the protocol and patterns, an intruder can access the network to request a service.
To prevent an intruder from monitoring communications, encryption can be incorporated into the architecture. Although effective, encryption does not prevent an intruder from breaching security.
Because no security architecture is 100% secure, multiple security measures are often combined. One approach uses a sub-network that isolates databases from the trusted network. If an intruder gains access into the subnet, the worst that can happen is data residing within the subnet is compromised, but the rest of the trusted network remains secure. This scenario may be adequate in cases where there is no need to interface with other databases or legacy systems within the trusted network.
FIG. 1 is a block diagram showing a typical trusted network security system. The goal of the system is to ensure that resources on trusted network 138 are not improperly accessed by outside entities, such as client browser 110. Access to trusted network 138 is limited in several ways.
Firewall 118 is the first line of defense for providing security to trusted network 138. Firewall 118 may, for example, limit the types of protocol transferred from Internet 114 to DMZ network 122. Web host 126 processes URL requests from client browser 110, and forms a request that is sent over trusted network 138 to database server 142. The request is sent through firewall 130, which provides yet another line of defense. Firewall 130 may also limit the types of information sent by web host 126 to database server 142.
Database server 142 performs a further level of security by insuring that it only processes requests received from web host 126. When web host 126 makes a request, web host 126 also sends a web server identity code with the request. Database server 142 checks the identifier to authenticate that the request is from web host 126. If database server 142 determines that the request is from web host 126, database server 142 retrieves the requested information from database 134, and returns the information to web host 126. Web host 126 transmits the requested information to client browser 110 over DMZ network 122 and Internet 114.
Although firewalls 118 and 130, and authentication of web host 126 by database server 142 provide some security, it is still possible for an intruder to breach security and improperly access resources on the network, such as DB 134. The user at client browser 110 may repeatedly attempt various combinations of access to trusted network 138 until one is found that breaks through the system. Therefore, breaches of security are still possible even with two firewalls and the web server verification performed by database server 142. What is needed then is a higher level of security for trusted network 138 in order to allow access by users on the Internet in a controlled and secure manner.