| 摘要 |
The invention is a process for providing a secure network environment for computers that are connected to networks that are inherently non-secure by design. As the world's networks accelerate their conversion to high bandwidth cable, ADSL/DSL, and fibre connections, security issues surrounding this type of full-time connection have become of great concern. Computers using dial-up connections or direct full-time connections are vulnerable to hacker attacks. While larger corporate networks with full-time connections to the Internet are often protected by an internal firewall, residential, ho me office, and small business connections rarely are. Firewalls installed at the user location require proper configuration and maintenance, tasks that users may not want, or may not have the ability, to perform. All computers connected to the Internet without a firewall, whether using a dial-up or a full-time connection, are open to substantial risk of compromise. Current attempts to solve the problem require either that all computers in a joint communication have compatible encryption software or that each of the computers have a dedicated "firewall" to resist attempts from unauthorized computers to enter the communication loop. In the case where the user has created an encrypted virtual private network,that users computer remains exposed to external hacking and, in either case, the user must know in advance which network addresses will be contacted during a session or must suffer the time delay and inconvenience of inputting allowed network addresses as the session proceeds. Current methods also require constant maintenance by t he user. The invention provides a high level of transparent security for computers that d o not have dedicated firewalls or encryption software compatible with the desired targe t of communication (the "destination computer"). The result is the provision of network security with increased simplicity and reduced cost.
|
