The deployment of the EDVAC computer system is seen by many as the beginning of the “computer age.” Up until the mid-1990s, computer system usage increased gradually over the years. More recently, the widespread use of the Internet has caused a dramatic increase in the use and popularity of computer systems. This popularity has not come without problems, however. For example, when an individual makes a purchase “over the Internet,” the transaction must be secure to prevent unauthorized use of the individual's credit. Another example is the need for data and resource security. By data and resource security, we mean securing computer systems against unauthorized access (e.g., viruses, worms, etc.). This patent pertains to this latter security issue.
A firewall is a popular mechanism used to prevent unauthorized access to computer system resources. The firewall, which is typically implemented in software, is set up to guard against unauthorized access. The firewall accomplishes this task by preventing programs from accessing computer system resources through specific channels or paths that connect the computer system to an untrusted network (e.g., the Internet). These channels or paths are referred to as communications ports, or more commonly, as just ports (borrowing from the nautical term). These specific ports are known to the firewall because they have been used in the past by those seeking unauthorized access. We refer to these specific ports within this patent as blocked ports.
Thus, when a firewall detects that access is being attempted via a blocked port, it simply denies access, causing the attempt to fail. While this approach works well from a security perspective, it has the negative effect of periodically blocking valid access attempts. Generally speaking, this problem is attributable to the fact that communications software (often called the communications stack) does not have knowledge of the ports considered blocked by the firewall. The problem is exacerbated by the dynamic nature in which ports are assigned to requesting programs by the communications stack. For example, an external program attempting to access a computer system's resources may be given a non-blocked port on a first access attempt, a blocked port on a second access attempt, and a non-blocked port on a third access attempt. The first and third access attempts will be allowed to proceed by the firewall, but the second access attempt will be blocked. In the industry, this type of problem is called an intermittent failure. Failures of this sort are very difficult and costly to correct because they are difficult to reproduce.
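The interaction described above can be reproduced in a small simulation. The following Python is an added example and is not part of the patent text: the port range, the blocked-port set and the round-robin allocation policy are all constructed for illustration. `NaiveStack` models a communications stack that hands out ephemeral ports with no knowledge of the firewall, so its outcomes alternate between allowed and denied exactly as the passage describes; `AwareStack` is an assumed remedy, not spelled out in this passage, in which the stack consults the firewall's blocked set before assigning a port and refuses outright when no unblocked port remains.

```python
"""Simulation of intermittent firewall failures caused by dynamic port assignment.

Added example, not from the patent. All port numbers are constructed values.
"""

# Constructed firewall policy: local ports the firewall refuses.
BLOCKED_PORTS = frozenset({49153, 49155})

# Constructed ephemeral range the communications stack allocates from.
EPHEMERAL_START, EPHEMERAL_END = 49152, 49159


class Firewall:
    """Denies any connection whose port is in the blocked set."""

    def __init__(self, blocked):
        self.blocked = frozenset(blocked)

    def allows(self, port):
        return port not in self.blocked


class NaiveStack:
    """Assigns ephemeral ports round-robin with no knowledge of the firewall."""

    def __init__(self, start, end):
        self.start, self.end = start, end
        self._next = start

    def assign_port(self):
        port = self._next
        # Wrap around to the start of the range after the last port.
        self._next = self.start if port == self.end else port + 1
        return port


class AwareStack(NaiveStack):
    """Assumed remedy: the same allocator, but it skips ports the firewall blocks."""

    def __init__(self, start, end, blocked):
        super().__init__(start, end)
        self.blocked = frozenset(blocked)

    def assign_port(self):
        # One full pass over the range is enough to find any unblocked port.
        for _ in range(self.end - self.start + 1):
            port = super().assign_port()
            if port not in self.blocked:
                return port
        # Edge case: every port in the range is blocked, so fail deterministically
        # instead of handing out a port the firewall will deny.
        raise RuntimeError("no unblocked ephemeral port available")


def run_attempts(stack, firewall, n):
    """Return a list of (port, allowed) outcomes for n successive access attempts."""
    results = []
    for _ in range(n):
        port = stack.assign_port()
        results.append((port, firewall.allows(port)))
    return results


def failure_count(results):
    """Number of attempts the firewall denied."""
    return sum(1 for _, allowed in results if not allowed)


if __name__ == "__main__":
    fw = Firewall(BLOCKED_PORTS)
    naive = run_attempts(NaiveStack(EPHEMERAL_START, EPHEMERAL_END), fw, 8)
    aware = run_attempts(AwareStack(EPHEMERAL_START, EPHEMERAL_END, BLOCKED_PORTS), fw, 8)
    for label, results in (("naive stack", naive), ("aware stack", aware)):
        print(f"{label}: {failure_count(results)} denied of {len(results)}")
        for port, allowed in results:
            print(f"  port {port}: {'allowed' if allowed else 'DENIED'}")
```

Running the script shows the naive stack succeeding on the first attempt, failing on the second and succeeding on the third, which is the pattern the passage calls an intermittent failure; because the outcome depends only on where the allocator happens to be in its cycle, the failure is hard to reproduce from the requesting program's point of view. The aware stack produces no denials over the same eight attempts.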
It is evident, then, that a need exists for an improved system for preventing intermittent failures associated with firewall port access denials.