The power of personal computers, terminals, servers and other standalone computing devices is significantly increased by connecting such devices together in a local area network. Using a network, individual users of standalone devices distributed over a large geographic area can access common resources and communicate. Networks themselves can be interconnected or "internetworked" locally or over a large area. Such networks also can be connected to a vast, global network, operating according to standard protocols, known as the Internet. Using the Internet and certain wide area network technologies, local users and devices can connect to, "log on" to, request and use distant devices and computing resources.
This technology also offers users the power to be intentionally or negligently destructive or disruptive to distant systems in many ways. For example, using a technique known as "IP spoofing," a user can change the Internet Protocol (IP) address in a message sent from the user's computer so that messages or transaction requests sent to a remote network appear to be coming from somewhere else. Thus, there is a need for methods, systems and products that can detect and reject such false requests.
As another example, a malicious computer user may attempt a "Ping of Death" attack on another computer system. In this attack, the malicious user repeatedly sends a "ping" command or its equivalent to the remote system, or configures a computer program to automatically send the "ping" command to the remote system repeatedly and continuously. The "ping" command is normally used to poll a remote system to determine whether it is active. If the remote system always attempts to respond to the "ping" command, during a "Ping of Death" attack the system will quickly become overwhelmed so that it is spending all its computing time responding to queries that form a part of the attack. Thus, there is a need for processes, systems and products that can enable a system to test whether requests are accurate, valid, and are coming from an authorized system.
Many other types of unauthorized requests and malicious attacks are known. There is a need to protect networked computer systems, servers and operating systems from malicious or merely unauthorized uses, requests, commands and data transmissions.
These and other undesired uses of computers are ideally trapped and thwarted as early as possible, before they can affect the entire system. It is desirable to detect unauthorized commands, uses or requests arriving in the form of network data as soon as the data arrives at or enters the computer system from a network connection. Thus, there is a need to perform security checks and evaluations at a low level of a computer system, for example, in the operating system.
There is also a need to perform data security checks at a low level of the operating system, for example, as a part of processes that initially receive data from the computer hardware that interfaces the system to a network.