1. Field of the Invention
The present invention relates to communication network security. More specifically, it relates to firewall technology and exchange of data between networks.
2. Description of the Related Art
Firewalls have made a significant contribution to computer network security, particularly since the advent of the Internet. As is well known in the field of computer networking, there are numerous types of firewall technology, such as application-layer firewalls, network-layer firewalls, and so on, which can be implemented as hardware, software, firmware, or combinations thereof. However, firewalls and computer network security in general should continue to expand and improve. Attacks on enterprise and home networks are growing increasingly sophisticated. More individuals are using portable, hand-held, IP-enabled devices to communicate. While network bandwidth has increased, so has the number of users. Thus, sharing bandwidth and assigning priorities to bandwidth usage have become important factors to service providers and network operators. As wired and wireless digital communication becomes more prevalent, users are demanding more options with regard to network usage, such as paying premiums for guaranteed service, for a larger share of a digital pipeline, or for ensuring certain levels of network performance. Thus, for the benefit of various entities, ranging, for example, from telecom providers and ISPs to individual VoIP phone users, it would be useful to expand the capabilities of firewalls.
ISPs normally let all or most data traffic into a network, leaving it to the network owner to keep bad traffic out using devices such as firewalls. The ISP has access to the Internet via a high-speed network, such as a fiber optic network. The connection from the ISP to a typical enterprise network, via a T1 line, for example, has a much smaller bandwidth and can be easily saturated, causing denial of service and other issues for the network owner. Malicious parties have the ability to consume the network's bandwidth between the network's firewalls and the ISP.
In addition, within a home network (as well as other networks), users may want to ensure that they have outgoing service at all times for certain devices. For example, a VoIP phone may be used to make a 911 call and the user will want to ensure that the call is made. However, if another device in the home network is consuming all the bandwidth (e.g., a DVR downloading a TV schedule or a PC downloading a movie file), the VoIP phone call may not make it through.
Therefore, it would be desirable to have a firewall operated by the ISP that implements rules and policies of a network owner or the owner of a stand-alone device, thereby preventing unwanted traffic from entering the network and ensuring that there is available bandwidth for data leaving the network in certain specified circumstances.