The proliferation of mobile computing devices (e.g., laptop computers, cell phones, PDA's), and connectivity methods (e.g., Ethernet, Wi-Fi, cellular) introduces scenarios where a computing device may be attached to several networks of varying properties over the course of a day. For example, a businessman may use a laptop computer on a home network in the morning before going to work, and then use the same laptop computer later in the morning at work while connected to a corporate network. The same laptop computer might then be taken on a business trip later that afternoon where it could be connected to the Internet through a public Wi-Fi (short for “wireless fidelity”) network, for example, at the airport. In addition to the possibility of being connected to several networks having different properties during different times in a day, such mobile computing devices are increasingly being connected to several different networks at the same time.
Exposure to certain network environments (e.g., the Internet) can pose particular risks for mobile computing devices when such devices are initially configured to operate in a particular, static network environment that is known to be safe (e.g., a home network environment protected by an Internet firewall). The ease of connecting mobile computer devices to various networks with differing properties increases the risk that such devices will encounter undesirable contacts in a hostile network environment.
Current methods for administering network security for such computers generally apply to the particular, static network to which the computers are connected. Network security configurations that protect computers on a static network (e.g., a home network) are generally implemented on an “interface” such as a firewall that is associated with only the static network. FIG. 1 illustrates a typical network environment in which a safe network environment (e.g., a home network) is separated from an unsafe network environment (e.g., the Internet) by a security boundary. The security boundary represents a firewall running on a gateway computer. The firewall may be configured to enforce particular policies designed to protect computers on the home network (i.e., safe network environment) from undesirable contact with devices on the Internet. Thus, while computers on the home network may be configured to share files freely, the firewall may be configured to refuse any external requests (i.e., from the Internet) for file sharing. This configuration can work well to protect computers in a static network environment where the firewall is properly configured.
However, security policies enforced by the firewall on the home network in the safe environment do not travel with a mobile computer when the mobile computer is removed from the home network environment and connected to the Internet, for example, through a public Wi-Fi network. The mobile computer is therefore subject to external file requests or attacks (e.g., file erasing) by other devices on the Internet unless the specific file sharing policies for the computer are manually adjusted each time the mobile computer is taken out of the home network environment. Various other scenarios and examples exist where applications and files on such mobile computers can be exposed to similar risks. The effectiveness of current methods for administering network security for such mobile computers is optimized only when the computers remain connected to the static network configured to provide a safe environment.
Accordingly, the need exists for a way to protect mobile computing devices that are connectable to various networks having varying properties.