A firewall is a security system that forms a protection border between a network and the outside thereof.
FIG. 1 is a view showing an Internet Connection Firewall (ICF) for protecting a computer and a network, which has been basically provided by Microsoft Inc. since the XP version of Windows.
The ICF is software used to set restrictions on information communicated between a network or small-scale network and the Internet, and protects an Internet connection of a single computer to the Internet.
Meanwhile, a conventional ICF is a stateful firewall. The term stateful firewall refers to a firewall which monitors all the communication passing through a corresponding path, and inspects the original of each message to be processed, a target address and a port.
The ICF permits outbound traffic but blocks inbound traffic, so that a network inside the ICF is not seen from the outside. For this reason, in a Personal Computer (PC) firewall, this function is referred to as a “stealth function.”
The operation of the ICF is described in brief below.
The ICF keeps track of traffic originating from an ICF computer, and maintains a communication table, so that unwanted traffic does not enter through the personal connection. Further, all inbound traffic on the Internet is compared with the items in the table. Only in the case where it is proved that a matching item exists in the table and communication originated from the user's computer, inbound Internet traffic is connected to a network computer.
In contrast, in the case where an Internet connection is not permitted on the basis of a firewall permission list, the ICF disconnects the connection. Accordingly, general hacking, such as port scanning, can be blocked by automatically canceling unwanted communication.
For example, when an ICF computer is scanned using a Linux nmap scanning tool in order to check such a case, the ICF computer does not respond to any scan operation, so that Network Mapper (Nmap) determines that a target computer does not exist on a network for every scan, and outputs the message “Host Seems Down.” As described above, the ICF blocks general hacking, such as port scanning, is performed by automatically canceling unwanted communication.
Meanwhile, when the ICF is installed in a web service providing computer, the ICF blocks inbound traffic, so that the Internet connection is disconnected, and, therefore, normal web service cannot be offered. To solve this problem, the ICF permits inbound traffic to Port 80 used by service, thus being capable of allowing normal web service.
As described above, the ICF allows normal service to be used by adding services and protocols, and the PC firewall also provides such functions.
Meanwhile, the problem of the ICF is described below.
Recent Internet software, such as a web server, a File Transfer Protocol (FTP) server, a telnet server, a peer-to-peer (P2P) program, a remote control program and a messenger program, operates as service providing servers. Furthermore, the amount of software operating as a server as described above is increasing remarkably, and such software trends toward being used by many general users.
However, most users avoid using stealth function of the ICF or PC firewall because the above-described software operating as a server does not operate normally. In Windows XP shown in FIG. 2, the corresponding software can be normally used by adding a port, a protocol, and an Internet Protocol (IP) used by the software operating as a server uses. However, it is difficult for inexpert users to set them because the inexpert users have difficulty in finding a port operating as a server.
Furthermore, since a port operating as a server may be changed when the version of the software is upgraded, normal service may be unexpectedly interrupted. For these reasons, there is a problem in that it is difficult for general users to use the stealth functions of the ICF and the PC firewall despite their desired characteristics.