Local networks today, especially personal networks, may vary over time. Users may add and remove network elements to suit their individual needs at particular times. It is becoming common to have many PCs and other computing devices such scanner, printers, and so on.
Where the networks are wireline networks (that is, all of the elements operate solely over wires connecting the various devices), adding a new device requires physically connecting the new device to the network. Because a physical connection is required to a wireline network, it is difficult for an intruder to break into the wireline network and to utilize the devices on the network. The most commonly used attack depends on taking advantage of existing connections to external networks: e.g., a connection to the Internet. By exploiting known vulnerabilities in the operating systems of the devices, an intruder may gain access to the devices without physically penetrating the network.
Wireless networks, on the other hand, may be much easier to penetrate. Wireless networks may, of course, be penetrated over a connection to an external network, just like a wireline network. But wireless networks may also be accessed directly. Unless the wireless access point is secured (something not enabled by default from most wireless networking companies, and typically ignored by most users) and uses a sufficiently strong encryption algorithm, any device within range of the wireless access point may be added to the network. An entire subculture has developed around this point. Some computer users drive around, looking for open wireless access points that they may use. Sometimes, these users are simply looking for free bandwidth onto the Internet. But some of these users take advantage of the lack of security to peruse through user's files, or to engage in more malicious acts. To aid others in taking similar advantage of insecure wireless access points, these users engage in “warchalking”: leaving marks visible on the street that show what is available and how to access it. (Warchalking is very reminiscent of the coded symbols used by hobos during the Great Depression, to alert other hobos what places to visit or avoid.)
As suggested above, there are ways to keep a wireless network secure. The wireless access points may be configured to permit communications only with identified and recognized devices in infrastructure mode, a commonplace approach. For example, if a user has two computers on the wireless network in infrastructure mode, the wireless access point may be instructed to permit communications with only those devices, and to reject communications from other computers. (The wireless access point recognizes the computers using Media Access Control (MAC) numbers, which are typically unique to each networking card and are transmitted to the wireless access point. While this level of security may be defeated by “cloning” the MAC number, most hackers would not spend the time necessary to break into a network secured this way, preferring instead to hack into a less secure network.)
Another way to secure the network is for devices to require that the other devices on the network with which they communicate use a security service. Such a security service is a segment of code built into the device, and which is satisfied before the device carries out any other services on behalf of a requesting device. Such a security service is part of the UPnP Device Security 1.0 standard, published Nov. 17, 2003, a copy of which may be found online at http:##www.upnp.org#standardizeddcps#documents#DeviceSecurity—1.0cc—001.pdf (to avoid inadvertent hyperlinks, forward slashes (“/”) in the preceding uniform resource locator (URL) have been replaced with pound signs (“#”)). (Related UPnP security standards and other documents may be found at http:##www.upnp.org#standardizeddcps#security.asp and http:##www.upnp.org#standardizeddcps#default.asp.)
But the UPnP Device Security 1.0 standard is a new standard, being developed only recently. UPnP, standing for “Universal Plug and Play,” allows devices to identify themselves to the network automatically, avoiding the need for manual configuration. UPnP devices operate by broadcasting their identity to the network and listening for responses from any other devices interested in using them. Devices that came out before the adoption of UPnP Device Security 1.0 most likely do not comply with the standard, if they offer any device security at all. While firmware updates could introduce compliant security services to these devices, such updates will happen only if the device manufacturers develop firmware updates to add device security.
Embodiments of the invention address these problems and others in the art.