1. Field of the Invention
This invention pertains in general to computer networking and security, and in particular to a firewall for protecting a computer from network-based attacks.
2. Description of the Related Art
The networked computing environment is fraught with constant threat. The threats are especially severe for new computers. A new computer typically includes the unpatched version (often referred to as the “shipped build”) of its operating system and/or other software. The shipped build of the operating system is often riddled with vulnerabilities that have been discovered since the operating system was shipped. These vulnerabilities can be resolved by downloading and installing the appropriate patches from the Internet. Therefore, one of the first tasks performed by a person installing a new computer is to connect the computer to a network in order to patch the operating system and/or other software.
The prevalence and spread rate of modern computer worms and other malicious software are so great that new computers are infected almost immediately upon being connected to a network. This problem is especially severe when an unpatched computer is connected directly to the Internet. However, even computers connected to a supposedly secure network can be infected by other, already-infected computers on the “safe” side of the network. As a result, if one connects a computer having a shipped build of its operating system to almost any network, it is more likely than not that the computer will be infected before one can install patches or security software.
What is needed, therefore, is a form of protection for the computer during the period in which it is connected to a network in order to install and patch vulnerable software.