The Internet has become increasingly popular, allowing business users and consumers to interact with one another. However, security has become an increasing concern with use of the internet. Especially for businesses, which is to allow Internet connectivity to their private networks, there is the threat of hackers gaining access to such private networks through the Internet. To ward off these malicious attacks, many administrators of networks are using mechanisms that are designed to protect the networks against such attacks.
One such mechanism is the firewall, a combination of hardware and software usually located between a private network and the Internet gateway for the network. Requests for information over the Internet from nodes within the network are routed through the firewall. Likewise, information received from the Internet is first received at the firewall before being distributed to the appropriate node(s) on the private network. Thus, the firewall is able to monitor, inspect and filter all requests bound for or incoming from the Internet, to ensure that outgoing requests adhere to stated policies, and incoming requests are not malicious attacks on the network the server is designed to protect.
Within the prior art, firewalls generally perform one-phase filtering. That is, all Internet-bound and internet-incoming traffic is received at a single level at the firewall before going on to its true destination. However, because the number of protocols used for Internet communication is increasing, and because the number of different types of attacks that can be lodged against a network from over the Internet is also increasing the complexity of firewalls is correspondingly increasing as well. Such complexity itself is, unfortunately, also a point of weakness, because as the firewall becomes more complex, the developers are less likely to be able to determine a priori every possible manner by which access can be improperly granted by the firewall.
For this and other reasons, therefore, there is a need for the present invention.