Networked computer systems typically include a plurality of client computers linked together in a network through which large amounts of data can be exchanged. A group of computers connected in a network in a central location can be referred to as a local area network (LAN), and a group of widely-separated computers or LANs can be connected together in a wide area network (WAN), such as, for example, the Internet.
Clients can communicate with each other by packaging data into packets that are exchanged through the network with other clients. Packets typically include a payload that contains the data to be transmitted over the network and a header that describes the location of the destination to which the packet should be sent. Each client can be assigned a unique address in a network, which can be used to uniquely identify the client to the network and to other devices in the network. The unique address can be, for example, an Internet protocol (IP) address or a media access control (MAC) address. As packets are transmitted through the network from an origination client to a destination client, the packets may pass though a number of network nodes (e.g., hubs, routers, switches, and network servers) that receive the packets and route the packets to the destination or to other nodes along the way to the destination.
Although networked computer systems provide many advantages because of the interconnectivity between multiple clients, such interconnectivity can lead to vulnerabilities and harm to the interconnected clients of the network. For example, in an ideal network, data are transmitted securely from an origination client to a destination client. However, unauthorized users may break into the network—either at a network node or at connections between nodes—and copy and/or infect the data transferred over the network, which can lead to the theft of confidential data or the spread of infected data through the network. Additionally, malicious data (e.g., viruses and worms) contained on an origination client may be easily transmitted from the client through the network to one or more destination clients, where the malicious data can cause harm to the destination client(s).
To combat unauthorized access to, and the theft of, confidential data transmitted through the network, the data may be encrypted at the origination client prior to transmission and decrypted by the destination client upon receipt. However, in such a scenario the network is essentially blind to the contents of the data and therefore can be vulnerable to the spread of malicious data (e.g., viruses) that it cannot recognize as malicious. Useful analysis of network traffic (e.g. for the detection and prevention of malicious data) generally can be performed only on clear, unencrypted data or only after the network traffic has been decrypted at a network node or destination site, but decrypting the traffic while it is in route from an origination client to a destination client would largely defeat the purpose of using encrypted data to communicate between the origin and the destination.
To combat the spread of malicious data, data transmitted through the network can be scanned for viruses, worms, and other malicious data. The data can be scanned by anti-virus and anti-malware programs residing on the client before the data is transmitted from the client to the network or immediately upon receipt of the data from the network. Unfortunately, the first act of a malicious program loaded into a computer system often is to disable such anti-virus and anti-malware programs, so that malicious programs and data will not be detected by the client and can be spread to other clients connected to the network. Data transmitted through the network also can be scanned by anti-virus and anti-malware programs residing on a network node, however, the operation of such programs generally depends on access to clear, unencrypted data, and therefore such programs generally are incapable of detecting encrypted, malicious data. Moreover, requiring the network to scan transmitted data packets for malicious data can place a heavy burden on the network when the network is connected to multiple clients.