In general, a firewall is an electronic boundary that prevents unauthorized users from accessing certain files on a network or a computer. A firewall may be provided as firewall code on a user's computer (“host firewall”). Alternatively, a dedicated firewall machine may be provided at the edge of a network (“edge firewall”) that interfaces with computers outside the network and has special security precautions built into it in order to protect sensitive files on computers within the network. The idea is to protect a cluster of more loosely administered machines hidden behind the edge firewall from computer users outside of the network. The machine on which the edge firewall is located is often referred to as a “gateway” or a “dedicated gateway.” If configured to protect a network from the Internet, the machine is often referred to as an “Internet Gateway Device.”
Firewalls use one or more of at least three different methods to control traffic flowing in and out of the network. In a first method, called static packet filtering, packets are analyzed against a set of filters. Packets approved by the filters are sent to the requesting system; all others are discarded. In a second method, called proxy service, information from the Internet is retrieved by the firewall, evaluated against a policy, and then sent to the requesting system, and vice versa. In a third, newer method, called stateful inspection, the contents of the packet are not examined, but instead key parts of the packet are compared to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for special defining characteristics, and then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
Firewalls are customizable, meaning that filters may be added or removed based upon several conditions. As an example, Internet Protocol (“IP”) addresses may be used to restrict or block traffic: if a certain IP address outside the network is reading too many files from a server, the firewall can block all traffic to and/or from that address. As another example, a firewall may block all access to certain domain names, or allow access to only specific domain names. As still another example, a company might set up a network with only one or two machines to handle a specific protocol or protocols and ban those protocols on all other machines. Still another example is using ports to restrict traffic. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one on a network.
Thus, a firewall ensures security by reviewing network communications and only allowing communications that are consistent with a policy that has been set within the firewall. However, while the traffic control methods described above work well for filtering some traffic, the rules or policies set for the firewall may not meet the needs of some of the applications within the network. Since firewalls cannot have complete knowledge of all existing and future applications, firewalls implement heuristics to differentiate between a safe communication and a potentially dangerous communication. For example, a firewall may choose to allow connections initiated from within a trusted network but not from those initiated from outside the trusted network (e.g., initiated from the Internet).
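The following is an added worked example, not part of this disclosure, showing in Python how the filtering rules from the preceding paragraphs combine: static packet filtering against a blocked address list and a port rule (port 21 permitted on only one machine), followed by a simplified stateful inspection that records connections initiated from inside the trusted network and admits inbound packets only when they match such a connection or an explicitly published service. The proxy-service method is not modeled. All addresses are from the RFC 5737 documentation ranges and the host roles (an FTP gateway, a Web server, a workstation) are constructed assumptions.

```python
"""Toy edge-firewall policy engine (illustrative; not a product implementation).

Two stages, mirroring the methods described above:
  1. static packet filtering  - stateless rules on addresses and ports
  2. stateful inspection      - inbound traffic must match a connection that
                                an inside host initiated, or a published service
"""
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# ---- constructed policy (assumptions for the example) ---------------------
INTERNAL_PREFIX = "192.0.2."            # trusted network behind the gateway
FTP_GATEWAY = "192.0.2.10"              # the one machine allowed to serve FTP
WEB_SERVER = "192.0.2.20"               # public Web server
BLOCKED_IPS: Set[str] = {"198.51.100.7"}  # external host that read too many files

# Services that outsiders may reach without an inside-initiated connection.
PUBLISHED_SERVICES: Dict[str, Set[int]] = {
    WEB_SERVER: {80},        # HTTP
    FTP_GATEWAY: {21},       # FTP, only on the designated gateway
}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out" = trusted network -> Internet, "in" = Internet -> trusted network


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


# Key for the connection table: (inside ip, inside port, outside ip, outside port)
ConnKey = Tuple[str, int, str, int]


class Firewall:
    def __init__(self) -> None:
        self.connections: Set[ConnKey] = set()

    # Stage 1: static packet filtering -----------------------------------
    def static_filter(self, pkt: Packet) -> Tuple[bool, str]:
        if pkt.src_ip in BLOCKED_IPS or pkt.dst_ip in BLOCKED_IPS:
            return False, "blocked address"
        # Port 21 is banned on every internal machine except the FTP gateway.
        if pkt.direction == "in" and pkt.dst_port == 21 and pkt.dst_ip != FTP_GATEWAY:
            return False, "port 21 permitted only on the FTP gateway"
        return True, "static filters passed"

    # Stage 2: stateful inspection ---------------------------------------
    def stateful_check(self, pkt: Packet) -> Tuple[bool, str]:
        if pkt.direction == "out":
            if not is_internal(pkt.src_ip):
                return False, "outbound packet with non-internal source"
            # Remember the defining characteristics of the outgoing flow.
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True, "outbound: connection recorded"
        # Inbound: allowed only if it is the reply half of a recorded flow ...
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.connections:
            return True, "inbound: matches connection initiated from inside"
        # ... or is addressed to a service the administrator chose to publish.
        if pkt.dst_port in PUBLISHED_SERVICES.get(pkt.dst_ip, set()):
            return True, "inbound: published service"
        return False, "inbound: unsolicited connection attempt"

    def decide(self, pkt: Packet) -> Tuple[bool, str]:
        """Return (allowed, reason) for one packet, applying both stages in order."""
        ok, reason = self.static_filter(pkt)
        if not ok:
            return False, reason
        return self.stateful_check(pkt)


if __name__ == "__main__":
    fw = Firewall()
    sample = [  # constructed traffic
        Packet("198.51.100.7", 4000, WEB_SERVER, 80, "in"),     # blocked address
        Packet("203.0.113.9", 5000, WEB_SERVER, 21, "in"),      # FTP on the wrong host
        Packet("203.0.113.9", 5000, FTP_GATEWAY, 21, "in"),     # FTP on the gateway
        Packet("192.0.2.30", 40000, "203.0.113.5", 443, "out"), # workstation opens HTTPS
        Packet("203.0.113.5", 443, "192.0.2.30", 40000, "in"),  # reply to that flow
        Packet("203.0.113.5", 443, "192.0.2.30", 40001, "in"),  # no matching flow
    ]
    for p in sample:
        print(p.src_ip, "->", p.dst_ip, p.dst_port, fw.decide(p))
```

Because the outbound packet is recorded before any inbound packet is judged, the reply from the HTTPS server is admitted while an inbound packet to a different internal port is not; this is the "connections initiated from within a trusted network" heuristic in its simplest form, and it is exactly the kind of rule that an application listening for unsolicited inbound connections will fail against.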
Although the heuristics simplify firewall policy design, some applications do not align with the firewall's heuristics. As a result, attempts at communication by such an application will fail, prompting firewall designers to implement and test special work-arounds for each and every application that fails. These work-arounds increase firewall complexity and code churn.
Recent efforts to devise a firewall control protocol (“FCP”) that allows applications to modify a firewall's policy on an ad hoc basis have not been successful due to a fundamental security conflict: The firewall policy is created and managed by a trusted entity (e.g., a network administrator), while the applications may run on untrusted nodes or endpoints. Allowing untrusted applications to modify corporate network policy is inconsistent with the security goals of the firewall.