As the Internet grew and more business-critical applications were built and operated on it, ad hoc security solutions appeared that offer semi-trusted, semi-secure Internet access. These solutions mostly fight symptoms rather than address the fundamental security problems, but they remain the only practical way to obtain at least some security in an insecure environment.
Packet Filters and Firewalls
The basic idea of such hardware and/or software security solutions is to filter traffic according to predefined rules (ranging from IP addresses to virus patterns in files) and, possibly, to detect “unusual” behavior. (The latter is the job of intrusion-detection mechanisms, which may also catch nontrivial attacks such as the slow and seemingly random scanning of systems for weak spots, or the use of covert channels to leak information to the outside.) Filtering takes place either on the network/transport layer, where header fields of protocols such as IP, ICMP, UDP, and TCP are examined, or on the application layer, where application protocols such as HTTP or FTP and the actual information content are examined, unless they are encrypted and thus unavailable for analysis. A filter that examines only headers therefore cannot tell what an allowed connection actually carries, for instance whether traffic on TCP port 80 really is HTTP. Many commercial systems allow filtering on both the network/transport and application layers and distinguish the direction of the data flow (inbound/outbound).
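The following is an added illustration, not code from the original text: a minimal first-match packet filter that combines network/transport-layer header rules (direction, protocol, CIDR prefix, destination port) with one application-layer pattern rule, applies a default-deny policy, and skips content inspection when the payload looks like a TLS record and is therefore opaque. The rule set, the addresses (from the documentation ranges), the traversal pattern and all sample packets are constructed for the example; the TLS check is a deliberately simple heuristic on the record header.

```python
# Added example (not from the original text): a first-match packet filter that
# combines network/transport-layer header rules with an application-layer
# pattern rule, distinguishes inbound/outbound traffic, and treats encrypted
# payloads as opaque to content inspection.
# Addresses, ports, rules and payloads below are constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    direction: str               # "in" (toward the protected network) or "out"
    proto: str                   # "tcp", "udp" or "icmp"
    src: str                     # source IP address
    dst: str                     # destination IP address
    dport: Optional[int] = None  # destination port (None for ICMP)
    payload: bytes = b""         # application-layer bytes, if any

@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    direction: Optional[str] = None      # None matches either direction
    proto: Optional[str] = None          # None matches any protocol
    src: Optional[str] = None            # CIDR prefix or None (any)
    dst: Optional[str] = None            # CIDR prefix or None (any)
    dport: Optional[int] = None          # exact destination port or None (any)
    app_pattern: Optional[bytes] = None  # byte pattern to look for in the payload

def looks_encrypted(payload: bytes) -> bool:
    """Heuristic: a TLS record begins with a content type (0x14-0x17) followed
    by a 0x03 0x0X protocol version. Such payloads cannot be inspected."""
    return (len(payload) >= 3 and payload[0] in (0x14, 0x15, 0x16, 0x17)
            and payload[1] == 0x03 and payload[2] <= 0x04)

def matches(rule: Rule, pkt: Packet) -> bool:
    """Every populated rule field must match; unset fields act as wildcards."""
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst is not None and ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.app_pattern is not None:
        # Application-layer rules apply only to cleartext the filter can read.
        if looks_encrypted(pkt.payload) or rule.app_pattern not in pkt.payload:
            return False
    return True

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule decides; unmatched traffic is denied (default deny).
    Returns (action, index of the deciding rule, or None for the default)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None

# Constructed rule set protecting a web server at 203.0.113.10.
RULES = [
    Rule("deny", direction="in", proto="tcp", app_pattern=b"../.."),              # 0: traversal attempt in cleartext
    Rule("allow", direction="in", proto="tcp", dst="203.0.113.10/32", dport=80),   # 1: HTTP to the web server
    Rule("allow", direction="in", proto="tcp", dst="203.0.113.10/32", dport=443),  # 2: HTTPS to the web server
    Rule("allow", direction="out"),                                                # 3: all outbound traffic
]

# Constructed sample traffic. The TLS payload deliberately contains the
# pattern bytes to show that rule 0 is not applied to encrypted content.
SAMPLE_PACKETS: Dict[str, Packet] = {
    "http_ok":   Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    "http_bad":  Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    "https_tls": Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 443, b"\x17\x03\x03\x00\x08../../.."),
    "ssh_in":    Packet("in", "tcp", "198.51.100.7", "203.0.113.10", 22, b"SSH-2.0-client\r\n"),
    "icmp_in":   Packet("in", "icmp", "198.51.100.7", "203.0.113.10"),
    "dns_out":   Packet("out", "udp", "203.0.113.10", "198.51.100.53", 53, b"\x12\x34"),
}

def decide_all(rules: List[Rule] = RULES) -> Dict[str, Tuple[str, Optional[int]]]:
    """Run every sample packet through the filter: name -> (action, rule index)."""
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLE_PACKETS.items()}

if __name__ == "__main__":
    for name, (action, idx) in decide_all().items():
        by = "default" if idx is None else f"rule {idx}"
        print(f"{name:10s} -> {action:5s} ({by})")
```

Two things the run makes visible that the paragraph only states: the header-only rules 1 to 3 accept the HTTPS packet without knowing anything about its content, and the application-layer rule 0 can only fire on the cleartext HTTP request, not on the TLS record, even though the same bytes are present inside it.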
Corresponding security devices may also provide additional services, such as semi-trusted ...