Advances in communications technology and the availability of powerful desktop computer hardware has increased the use of computers to access a variety of publicly available computer networks. For example, the speed of modems, which are well-known communication devices used for transforming a digital bit stream into an analog signal, has significantly increased thereby providing for the high-speed exchange of information across, e.g., the public switched telephone network (PSTN.) Today, a tremendous amount of information is exchanged between individual users located around the world via public computer networks, e.g., the Internet. One class of users includes private individuals and professional users interconnected via a private network, e.g., a corporate intranet.
The exchange of information between private and public computer networks has presented a variety of critical security issues for the protection of information on the private computer networks and the overall functionality of the private computer network itself. Numerous well publicized accounts exist of individuals known as "hackers" who have improperly breached the security of private computer networks and caused severe damage. In particular, some of the most sophisticated types of security threats are posed by programs which exploit certain vulnerabilities within network computing systems. To name a few, these program-related security threats include well-known logic bombs, trapdoors, trojan horses, viruses and worms, as described, e.g., by W. Stallings, Network and Internetwork Security Principles and Practice, Prentice-Hall, Inc., Englewood Cliffs, N.J., 1995. Such well-known software program threats either work independently (e.g., worms) to achieve their desired security breach, or require the invocation of a host program to be invoked to perform the desired disruptive actions (e.g., trapdoors, logic bombs, trojan horses or viruses.) Such damage has included the destruction of electronic files, alteration of databases, or the introduction of computer viruses which affect the operability of the private computer network or computer hardware connected to the private network.
Computer network security, at a minimum, is directed to ensuring the reliable operation of computing and networking resources, and protecting information within the private network from unauthorized disclosure or access. Network administrators responsible for the operation of private computer networks employ a variety of security measures to protect the network from external security breaches by unauthorized users. One well-known technique uses so-called "firewalls". This security scheme essentially places a separate computer system, i.e., the firewall, between the private network and the public network, e.g., the Internet. Commonly, these firewalls are software-based gateways that are typically installed on a separate server to protect computers on a local area network ("LAN") within a private network from attacks by outsiders, i.e., unauthorized users.
In particular, the firewall server maintains control over communications from and to the private network. Essentially, the firewall server imposes certain security measures on all users employing the private network. For example, firewalls may block access to new Internet services or sites on the well-known World Wide Web ("WWW") because the security consequences are unknown or not accounted for by the present firewall configuration. One potential installation configuration of a firewall is that WWW clients can no longer directly contact WWW servers. Typically, this proves too restrictive, and network administrators employ so-called "proxy servers". Proxy servers are designed with certain features which provide for the forwarding of requests from WWW clients through the firewall thereby providing communication flow to and from servers on the Internet.
FIG. 1 shows such a prior art network configuration 100 employing separate servers, e.g., firewall server 120 and proxy server 140, for delivering firewall security to, e.g., private network 130. As shown in FIG. 1, firewall server 120 is a separate computer system situated between public network 110 and private network 130 for delivering network security measures to the communications exchanged between the networks. As will be appreciated, the investment in delivering the server-based firewall of FIG. 1 from a hardware, facilities management and network management perspective is significant. Of course, for very large private networks the cost of installing and maintaining such a dedicated server-based firewall is justified in view of the potential damage which network security breaches can inflict inside the private network. However, for small/medium sized networks and individual computer users, the cost of a server-based firewall security configuration can be prohibitive.
A need exists therefore for a client-based firewall technique which provides for network security within e.g., a private network.