Conventionally, firewalls are located at network or sub-network perimeter points such as gateways or routers/switches protecting servers and consist of one or more programs configured to protect the resources of a network or sub-network from users outside the network. For example, an enterprise with an intranet that allows its workers access to the Internet may utilize a firewall to prevent outsiders from accessing data resources on the intranet and for controlling what Internet resources enterprise users have access to. Conventionally, a firewall examines each network packet to determine whether to forward the packet to its destination. For mobile users, firewalls may be configured to allow remote access to a private network via secure logon procedures and authentication certificates, etc. Firewalls may alternately or additionally be located directly on end user devices such as computing devices, cell phones and other wireless devices, etc.
By blocking unauthorized communications into and out of a network, firewalls protect against hackers who may try and compromise network security by installing unauthorized applications on or otherwise attacking one or more network devices. These unauthorized applications may allow a hacker to obtain private and/or sensitive information from one or more network devices (e.g., passwords, credit card numbers, social security numbers, web sites visited, etc.). Other types of attacks can cause network devices to crash or malfunction, be unable to communicate, or lead to data loss/corruption. Although effective in thwarting hackers, firewalls can present problems to legitimate network users by blocking communications of authorized applications.
Configuring firewall blocking rules for users of a network can be a difficult challenge. Optimal firewall configuration generally requires specific expertise to avoid oversimplification or configurations that are too conservative or too liberal. Oversimplification can result in the lack of customization for specific users, which may not be desirable. Conservative configurations may result in too many blocked communications, and liberal configurations may result in less than sufficient blocked communications, both of which may not be desirable.