It is often desirable to control the accessibility of computer system resources that are accessible directly or through networks such as LANs, WANs, and the Internet. Recently, security and access concerns have grown as malicious trespasses have increased the need for improved access control. Further, the heightened state of awareness related to threats of cyberterrorism makes the desire to reduce existing vulnerabilities greater than ever before.
Conventional virtual private networks (i.e., VPNs) and firewalls allow access holes to exist. Spoofing and other cracker techniques can enter through these holes, resulting in a threat to data integrity. This creates a significant level of exposure which hackers, crackers, and criminals can and do exploit.
Third-party solutions exist through which information technology (IT) organizations manage their community of legitimate access; however, because these are added as point solutions on top of an existing IT structure, various global access security issues remain unresolved.
More specifically, there exists a vulnerability in existing firewalls at the transaction level. Most security solutions focus on encrypting data or authenticating access; however, the system (e.g., a computer server) is vulnerable during the time when the transactions are taking place. While transactions are in process, applications must maintain state, similar to the continually maintained state when two people talk on a telephone network. While transactions are in process, enterprise systems are susceptible to break-ins, much like a telephone wiretap.
FIG. 8 is a block diagram illustration of an existing protection system. A user desires to obtain access to a resource 804 using an access point 800. For example, the resource 804 may be an application or port on a computer server or computer network. Further, access point 800 may be, for example, an Internet connection or a network connection. Between access point 800 and the desired resource 804 is firewall 802, for example, a corporate firewall.
Establishing a connection through firewall 802 may be accomplished, for example, using a user ID and/or a password. After the connection is established, the user may access resource 804; however, resource 804 (and possibly other data on the computer server or network) is vulnerable to unauthenticated access through the legitimate connection established by the user through access point 800.
Yet another drawback to existing security systems such as VPNs, firewalls, and proxy servers is that they typically require proprietary bundled hardware and software.
As such, it would be desirable to provide a computer security system that results in improved protection of resources stored on a computer system.