1. Technical Field
The present disclosure relates to packet filtering and, more specifically, to a method and system for filtering packets within a tunnel.
2. Description of the Related Art
Computer networks are increasingly exposed to potentially harmful network traffic. There are many ways in which this network traffic may threaten the security and/or productivity of an enterprise. As one example, malicious programs such as computer viruses and worms may enter a computer network as network traffic. As another example, the security of sensitive information may be compromised via network traffic.
Tools for protecting computer networks from potentially harmful network traffic include packet filter and intrusion protection systems. These systems may include dedicated hardware devices or software running on a general-purpose computer capable of intercepting incoming and/or outgoing network traffic and determining whether the intercepted traffic is potentially harmful. Potentially harmful network traffic may then be blocked and safe network traffic may be allowed.
One problem with currently available packet filters is that users typically need to replace hardware that is currently routing packets in order to correctly install the packet filter. This often is because most computer networks use dedicated hardware routers that are not able to adapt to running packet filter software that is generally written for general-purpose operating systems and not for dedicated routers. In such cases, the user may therefore elect to replace dedicated routers with a general-purpose computer that is capable of routing traffic and executing packet filter software.
There are significant risks involved with replacing routing hardware. Inexperienced network administrators may improperly configure the new router. Furthermore, the user may discover that the new router is not capable of handling the desired level of network traffic load and network functionality has been disrupted. Because of these risks, users often resist purchasing packet filter products.