Wireless devices provide always-on connectivity to their users and the broad availability of business. Consumer and lifestyle applications make such devices an integral part of daily life, from conducting banking transactions, booking restaurant reservations, web browsing, and general electronic content consumption. Unfortunately, their prevalence and range of uses make wireless devices an increasingly attractive target for various electronic hacks, including computer viruses, malware, etc. Consequently, it is becoming increasingly common to implement some form of firewall on wireless devices.
Here, the term “firewall” has an ordinarily understood meaning in the computer arts and broadly refers to a network security mechanism implemented in hardware and/or software and configured to detect suspicious or unauthorized activity based on analyzing the network traffic passing through the firewall. Simple firewalls operate in stateless manner and evaluate individual packets of traffic without regard to their respective packet flows or connections. More sophisticated firewalls are referred to as “stateful” firewalls and this type of firewall analyzes network traffic based on detecting new connections and accumulating packet information for individual connections. Firewalls also may operate at the application level, where knowledge of application behaviors and protocols is exploited to detect suspicious or unauthorized activity.
In the context of a given wireless device, its firewall establishes a secure boundary between the device and other devices or systems, based on analyzing the traffic going between the device and the supporting wireless communication network. Here, it will be appreciated that this traffic generally is pass-through traffic with respect to the wireless communication network, with the firewalled device as one endpoint and some device or system in an external network as the other endpoint.
While some types of wireless devices may have ample computing resources to support local implementation of such firewalls, such resources are quite limited in other types of wireless devices. The resource constraints become more acute as the firewall sophistication increases. For example, a sophisticated stateful firewall may consume significantly more memory and compute cycles than a firewall that uses simple, stateless packet filtering.