In the space of just a few years, the Internet—because it provides access to information, and the ability to publish information, in revolutionary ways—has emerged from relative obscurity to international prominence. Whereas in general an internet is a network of networks, the Internet is a global collection of interconnected local, mid-level, and wide-area networks that use the Internet Protocol (IP) as the network layer protocol. Whereas the Internet embraces many local- and wide-area networks, a given local- or wide-area network may or may not form part of the Internet.
As the Internet and its underlying technologies have become increasingly familiar, attention has become focused on Internet security and computer network security in general. With unprecedented access to information has also come unprecedented opportunities to gain unauthorized access to data, change data, destroy data, make unauthorized use of computer resources, interfere with the intended use of computer resources, etc. As experience has shown, the frontier of cyberspace has its share of scofflaws, resulting in increased efforts to protect the data, resources, and reputations of those embracing intranets and the Internet.
Firewalls are intended to shield data and resources from the potential ravages of computer network intruders. In essence, a firewall functions as a mechanism which monitors and controls the flow of data between two networks, or a network and a device. All communications, e.g., data packets, which flow between the networks in either direction must pass through the firewall; otherwise, security is circumvented. The firewall selectively permits the communications to pass from one network to another network or device, to provide bidirectional security.
Recently, there has been much work on software applications referred to as “personal firewalls.” These applications are typically installed on a computer or any other computing device for protecting against unsecure networks coupled thereto. During use of such personal firewalls, network traffic is monitored and filtered based on a predetermined set of rules. Such rules may include any filtering criteria that protect the device. For example, such criteria may result in the prevention of computers having certain IP addresses from accessing the protected device, precluding access to certain ports associated with the protected device, the prevention of certain applications accessing the protected device, etc.
Various system and methods have been developed to accomplish the task of preventing certain applications from accessing a network. For example, U.S. Pat. No. 5,987,611 discloses a computing environment with methods for monitoring access to an open network, such as a WAN or the Internet. The system includes one or more clients, each operating applications or processes (e.g., Netscape Navigator®. or Microsoft Internet Explorer® browser software) requiring Internet (or other open network) access (e.g., an Internet connection to one or more Web servers). Client-based monitoring and filtering of access is provided in conjunction with a centralized enforcement supervisor.
The supervisor maintains access rules for the client-based filtering and verifies the existence and proper operation of the client-based filter application. Access rules which can be defined can specify criteria such as total time a user can be connected to the Internet (e.g., per day, week, month, or the like), time a user can interactively use the Internet (e.g., per day, week, month, or the like), a list of applications or application versions that a user can or cannot use in order to access the Internet, a list of URLs (or WAN addresses) that a user application can (or cannot) access, a list of protocols or protocol components (such as Java Script®) that a user application can or cannot use, and rules to determine what events should be logged (including how long are logs to be kept).
By intercepting process loading and unloading and keeping a list of currently-active processes, each client process can be checked for various characteristics, including checking executable names, version numbers, executable file checksums, version header details, configuration settings, and the like. With this information, the system can determine if a particular process in question should have access to the Internet and what kind of access (i.e., protocols, Internet addresses, time limitations, and the like) is permissible for the given specific user.
Unfortunately, systems such as that set forth in U.S. Pat. No. 5,987,611 require an additional software layer between the operating system and the network device in order to govern network access.
Prior Art FIG. 1 illustrates one exemplary positioning of such a software layer. As shown, a software stack 10 is positioned between a plurality of applications 12 and a network device 14 such as network card, interface, etc.
Normally, such software stack 10 includes an operating system layer 16, a network driver interface specification (NDIS) layer 18, and an Internet Protocol (IP) layer 20. Systems such as that set forth in U.S. Pat. No. 5,987,611 require an additional software layer 22 to intercept network access requests made by various applications.