Information networks that interconnect numerous computational resources have proliferated into all aspects of society. These networks contain vast amounts of information, some of which is sensitive. They typically include several host computer systems or servers that are interconnected over local area networks (LANs) to individual workstations and other network resources. Some of the additional network resources may include various data acquisition units (DAUs) or programmable logic controllers (PLCs) that not only provide data but are also able to control equipment remotely or automatically. As long as these resources stay local, the risk that a malfeasant or hacker poses to the LAN and any connected equipment is controllable. The risk posed to sensitive networks increases greatly if these LANs are also interconnected to wide area networks (WANs) that include public networks such as the World Wide Web and the Internet.
There are many different types of hardware, software and communication protocols used in workstations, DAUs, PLCs, and networks. The prevalence of distributed network enterprise systems has created an increased need for computer security. There is a wide range of security measures that may be taken to ensure effective security. Among the most common are intrusion detection systems (IDS), firewalls and antivirus programs that attempt to identify hackers or intruders and prevent any harm to the computer systems. These systems are usually software or a combination of hardware and software that must be configured for specific types of networks and computer systems. For example, the system installed on a UNIX-based server would not necessarily be the same as, or even compatible with, the system installed on a Windows NT-based server. It is also imperative that such protections be frequently updated to keep pace in the back-and-forth battle between hackers and system administrators, because no firewall prevents all attacks, and firewalls are unable to combat some types of attacks, such as denial-of-service attacks.
These types of protections can provide a good level of security and may be enhanced by good security policy and practice, but configuring and maintaining security applications can be extremely complicated, time-consuming and resource-intensive. Even security applications that were initially excellent often fail as time passes because of hardware changes, missing security patches, and more sophisticated hackers. Short of simply not connecting to external computers or networks, there is always a risk posed by outside hackers.
Some systems contain such sensitive data or operate such critical equipment that the risk posed by hackers is simply too great to allow the system to be connected to external networks, even though it would be extremely beneficial and efficient to do so. What is needed is a protection system that would allow the protected system to send data out to external networks, workstations, or other computers but not permit any possible attack from external malefactors.