The present invention relates to the security of a computer connected to a network system, and particularly to a method of constructing a network system in which fire walls cooperate with one another to execute access control and to relay the communications of applications.
As a method of preventing invasion of a computer through a network, a relay device (fire wall) that restricts access from outside has been proposed.
A typical fire wall has the function, as described in the "Computer Security Resource Clearinghouse" of NIST (National Institute of Standards and Technology), of controlling accesses according to the IP (Internet Protocol) addresses of the transmitting side and the receiving side and the kind of service, and of storing an access record.
Moreover, as a relay for communication between a client and a server in an environment where fire walls exist, SOCKS V5, proposed in RFC1928, is available. SOCKS defines mutual identification between the client and the relay server and a protocol by which the client instructs the relay server to establish a connection; in this way, communication between a client and a server separated by one fire wall can be realized.
Moreover, gateway protocols such as RIP (Routing Information Protocol: RFC 1058) and OSPF (Open Shortest Path First: RFC 1131) exist as mechanisms for dynamically exchanging relay route information in the IP layer.
With the rapid development of the Internet, a person can obtain, in real time, various kinds of information generated around the world, but on the other hand that person is in turn exposed to the threat of external invasion. As effective measures against such external invasion, it has been proposed (1) to limit the IP addresses that may access each service and (2) to provide a gateway (a fire wall in the narrow sense) that stores the access record. Use of such a fire wall in the narrow sense has reduced the threat from an external invader, because the operating environment of the gateway itself can be kept consistent and the range that an administrator must control is localized.
However, when access control is executed with the technique of the related art, the object of access control is information bound to a computer, such as the class of service and the IP address, so access control based on users cannot be realized. For example, the desired access control becomes impossible for a computer to which an IP address is assigned dynamically, or where a class of service is limited to particular users.
Moreover, in a private network utilizing the Internet, a fire wall plays a very important role in security, and internal fire walls are increasingly installed within the private network in order to protect its sub-networks. Several problems must be solved for communication in an environment where a plurality of fire walls exist. For example, when a computer on an external network attempts communication that must pass the internal fire wall protecting a sub-network, the communication must be relayed between the external fire wall and the internal fire wall.
However, since the routing information for the internal fire wall that performs the relaying is concealed from the external network, that routing information must be obtained by some method. FIG. 1 shows an example of this problem. When a client ex101 attempts to communicate with a server accommodated in the network ex106 of A corporation, an external fire wall ex102 relays the communication. For communication with the server ex104 in the network ex106 of A corporation, the external fire wall ex102 can obtain the routing information to the server ex104, so the communication can be relayed. However, for communication with the server ex105 accommodated in the sub-network ex107, the server ex105 is concealed by the internal fire wall ex103, so the external fire wall ex102 cannot obtain the routing information to the server ex105, and this communication cannot be relayed.
Moreover, in the case of communication between two networks connected through an external network, communication between the respective internal fire walls cannot be realized unless the routing information identifying the internal fire wall is set in the external fire wall.
FIG. 2 shows an example of this problem. A client ex201 accommodated in the network ex210 can communicate with a server ex202 in the network ex211 by registering the fire wall ex206 in the fire wall ex205 as the route to the server ex202. However, when a server ex204 is provided in the internal sub-network ex214 of the network ex213, the route is concealed by the fire wall ex208, so the internal fire wall ex209 cannot be registered in the fire wall ex207.
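The following Python model, added here as an illustration and not part of the patent text, reproduces the FIG. 1 situation: each fire wall holds a route table, the external fire wall ex102 reaches network ex106 directly, and the sub-network ex107 behind the internal fire wall ex103 is unroutable until ex103 makes its route known to ex102 (the "cooperation" the invention aims at). The addresses are constructed documentation ranges, and the FIG. 2 case differs only in the number of fire walls chained.

```python
from ipaddress import ip_address, ip_network


class Firewall:
    """Relay (fire wall) holding a route table: destination network -> next hop.
    A next hop of None means the network is reachable directly from this fire wall."""

    def __init__(self, name):
        self.name = name
        self.routes = {}

    def add_route(self, network, next_hop=None):
        self.routes[ip_network(network)] = next_hop

    def lookup(self, dest):
        """Longest-prefix match; returns (found, next_hop)."""
        matches = [(n, h) for n, h in self.routes.items() if ip_address(dest) in n]
        if not matches:
            return False, None
        return True, max(matches, key=lambda m: m[0].prefixlen)[1]


def relay_path(fw, dest, max_hops=8):
    """Walk next hops from the entry fire wall; returns the list of relaying
    fire walls, or None when some fire wall has no routing information for dest."""
    path = []
    for _ in range(max_hops):
        path.append(fw.name)
        found, hop = fw.lookup(dest)
        if not found:
            return None          # routing information is concealed from this fire wall
        if hop is None:
            return path          # destination network reachable directly from here
        fw = hop
    return None                  # loop guard: an over-long chain is treated as unroutable


# Constructed addresses (RFC 5737 documentation ranges); the patent names no addresses.
NET_EX106, NET_EX107 = "192.0.2.0/24", "198.51.100.0/24"
SERVER_EX104, SERVER_EX105 = "192.0.2.4", "198.51.100.5"


def figure1_scenario(cooperate):
    ex102 = Firewall("ex102")   # external fire wall of A corporation
    ex103 = Firewall("ex103")   # internal fire wall protecting sub-network ex107
    ex102.add_route(NET_EX106)  # ex102 reaches network ex106 directly
    ex103.add_route(NET_EX107)  # ex103 reaches sub-network ex107 directly
    if cooperate:
        # Cooperation: ex103 registers the concealed sub-network with ex102.
        ex102.add_route(NET_EX107, next_hop=ex103)
    return {"ex104": relay_path(ex102, SERVER_EX104),
            "ex105": relay_path(ex102, SERVER_EX105)}
```

Without cooperation, ex104 is reachable through ex102 alone while ex105 has no route; with cooperation, the relay chain for ex105 becomes ex102 followed by ex103.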