United States Patent 5550984
Source: http://www.wikipatents.com/5550984.html
Inventor(s): Gelb; Edward J. (Wayne, NJ)
Publication Date: August 27, 1996
Filing Date: December 7, 1994

Title: Security system for preventing unauthorized communications between networks by translating communications received in IP protocol to non-IP protocol to remove address and routing services information

Abstract: A security system for connecting a first computer network to a second computer network is provided. The security device has a pair of computer motherboards, each of which has a network interface adapter for receiving and transferring communications from a computer network to a transfer adapter, to be transmitted to the other computer network through the transfer adapter and network interface adapter provided on the other computer motherboard. Each motherboard provides protocol translation from a first protocol to a second protocol and removes source and destination address information from communications transferred to the other computer motherboard. Application program interface shim software or dynamic link library software provides control of communications between the two motherboards for passing the code necessary to request and receive services from the other computer network.

[Drawing from US Patent 5550984]
References

U.S. References (patents cited):
5432850 Rothenberg, Jul 1995
5416842 Aziz, 380/30, May 1995
5353283 Tsuchiya, 370/392, Oct 1994
5321695 Faulk, Jr., 370/401, Jun 1994
5311593 Carmi, 713/162, May 1994
5307465 Iki, 709/221, Apr 1994
5303303 White, 713/160, Apr 1994
5293379 Carr, 370/474, Mar 1994
5280581 Bathrick, 709/217, Jan 1994
5278955 Forte, 709/206, Jan 1994
5249292 Chiappa, 370/392, Sep 1993
5216670 Ofek, 370/403, Jun 1993
5163151 Bronikowski, 714/57, Nov 1992
5113499 Ankney, 340/5.74, May 1992
5105424 Flaig, 709/243, Apr 1992
5086469 Gupta, Feb 1992
5081678 Kaufman, Jan 1992
5021949 Morten, 709/231, Jun 1991
4924513 Herbison, 713/161, May 1990
4799153 Hann, 726/3, Jan 1989
4672572 Alsberg, 726/11, Jun 1987
4476347 Hagen, 178/3, Oct 1984
4447871 Terada, 709/231, May 1984
4157454 Becker, 380/37, Jun 1979
4058672 Crager, 370/394, Nov 1977
4944006 Citta, 380/239, Dec 1969

Foreign References: (none listed)

Other References: (none listed)
Claims

What is claimed is:
1. A security system for preventing unauthorized communications between a
first network of computers interconnected for Internet Protocol (IP)
communications and a second network of computers interconnected for IP
communications, while permitting application level communication services
between computers connected to said first and said second networks,
comprising:
a first network motherboard and a second network motherboard, said first
and second network motherboards each having a network interface adapter
for communication with said first and said second networks of computers,
and for establishing a distinct subnetwork mask, respectively;
each of said network motherboards further having a transfer adapter for
communication with said transfer adapter of said other network
motherboard, said transfer adapters being identical and matched, each of
said network motherboards having network operating software to assign a
source address for IP protocol communication in accordance with a
subnetwork mask established for one of said network motherboards which is
different from the subnetwork mask established for the other of said
network motherboards, said network operating software further including
protocol conversion software to translate communications received by each
said network interface adapter from said first or said second networks of
computers, respectively, in IP protocol format to non-IP protocol format
for transmission between the transfer adapters of said first and said
second network motherboards, whereby upper level layer protocol
information and originating source and destination address information are
removed from said communication and routing services communications from
said first and second computer networks are prevented from being passed
between said network interface adapter and said transfer adapter of each
said network motherboard, and thence preventing unauthorized
communications between computers connected to said first and said second
computer networks; and
at least one of said network motherboards having application programming
interface (API) shim software for providing application level
communication services to the computers connected to said at least one
network motherboard notwithstanding the removal of said original source
and destination address information, and the preventing of said routing
services communications.
2. The security system of claim 1 wherein said second computer network is
public, and said second network motherboard has API shim software for
providing application level communication services to the computers
connected to said network interface adapter of said second network
motherboard.
3. The security system of claim 1 wherein each of said first and said
second computer networks are private, and each of said network
motherboards have API shim software for providing application level
communication services to the computers connected to said network
interface adapter of each said network motherboard.
4. The security system of claim 1 wherein each of said network motherboards
are located within a common unit and share a common power supply.
5. The security system of claim 1 wherein each of said network motherboards
includes a magnetic storage device and means for periodically backing up
information from each said magnetic storage device to each other said
magnetic storage device.
6. The security system of claim 5 wherein said magnetic storage devices are
of equal capacity.
7. The security system of claim 1 wherein each of said network motherboards
independently establishes a distinct Domain Name.
8. The security system of claim 7 wherein each of said network motherboards
independently establishes a distinct transport layer protocol TCP/IP
address.
9. The security system in accordance with claim 1 wherein said application
programming interface (API) shim software includes dynamic link library
(DLL) software.
10. A method of preventing unauthorized communications between a first
network of computers interconnected for Internet Protocol (IP)
communications and a second network of computers interconnected for IP
communications, while permitting application level communication services
between computers connected to said first and said second networks,
comprising the steps of:
receiving, at a first motherboard from a first network of computers, a
communication in IP protocol format;
translating said communication into non-IP protocol format, whereby
original source and destination address information are removed from said
communication and routing services communications from said first computer
network are prevented;
providing application programming interface (API) shim software to permit
application level communications between said first and said second
networks of computers, notwithstanding the removal of said original source
and destination address information, and the preventing of said routing
services communications;
transmitting said communication to a second motherboard;
retranslating, at said second motherboard, said communication into IP
protocol format and assigning a source address to said communication in
accordance with a subnetwork mask established by said second motherboard
which is different from the subnetwork mask established for the IP
protocol format communication as received by said first motherboard;
transmitting said retranslated communication to said second computer
network;
whereby application level communications are permitted between computers
connected to said first and said second computer networks, while users
connected to said first or said second computer networks are prevented
from obtaining routing services information and original source and
destination address information pertaining to communications between
computers connected to said first and said second computer networks, and
thence unauthorized communications between computers connected to said
first and said second computer networks are prevented.
11. The method of claim 10 further including the step of controlling, at
said second network motherboard, access to said second computer network by
devices connected to said first network motherboard.
12. A security interconnection module for use in combination with a second
interconnection module for providing application level communication
services between a first network of computers interconnected for Internet
Protocol (IP) communications and a second network of computers
interconnected for IP communications, while preventing unauthorized
communications between computers of said first and second networks,
comprising:
a network motherboard connected to said first network, said second
interconnection module being connected for communication with said second
network, said network motherboard including
a network interface adapter for communication with said first network of
computers, and for establishing a subnetwork mask distinct from the
subnetwork mask established by said second interconnection module;
a first transfer adapter for communication with a second transfer adapter
included in said second interconnection module, said first transfer
adapter and said second transfer adapter being a matched pair;
said network motherboard having network operating software to assign a
source address for IP protocol communication in accordance with a
subnetwork mask established for said network motherboard which is
different from the subnetwork mask established for said other network
motherboard, said network operating software further including protocol
conversion software to translate communications received from said first
network by said network interface adapter from IP protocol format to
non-IP protocol format for transmission to said second transfer adapter,
thereby removing upper level layer protocol information, originating
source and destination address information from said communication and
routing services communications are prevented from being transmitted by
said first transfer adapter to said second transfer adapter, and thence
unauthorized communications between computers connected to said first and
said second computer networks; and
said network motherboard having application programming interface (API
shim) software for providing application level communication services
between the computers of said first and said second networks
notwithstanding the removal of said original source and destination
address information, and the preventing of said routing services
communications.
13. The security interconnection module in accordance with claim 12 wherein
said application programming interface (API) shim software includes
Dynamic Link Library (DLL) software.

Description

FIELD OF THE INVENTION
The present invention relates to a security system for preventing
unauthorized communications between one computer network and another
computer network and more specifically for preventing unauthorized access
to a private computer network from a public computer network such as the
Internet.
BACKGROUND OF THE INVENTION
Recent developments in technology have made access easier to publicly
available computer networks, such as the Internet. The exchange of
information between private computer networks and users attached to the
Internet presents a challenge to protect information located on such
private networks from unauthorized access by outside Internet users, and
from unauthorized export by private users to the outside. For example, a
group of private users who work for the same entity may need to have
access to common data but desire to shield such information from
disclosure to outsiders. Recently, accounts have publicized the
vulnerability of even the Pentagon's computer system to break-ins by
public Internet users known as "crackers." In breaking into private
computer networks, crackers have been able to erase files or disks, cancel
programs, retrieve sensitive information and even introduce computer
viruses, Trojan horses and/or worms into those private networks.
Another related problem is security among related private computer
networks. For example, many companies have branches located in various
parts of the country. Each branch may contain a computer network and each
of these local computer networks is interconnected in a company-wide
computer network. It is desirable in the use of such computer networks to
prevent unauthorized access to one of the local computer networks from
another of the local computer networks.
For communication on the Internet, the protocol suite Transmission Control
Protocol/Internet Protocol (TCP/IP) provides a standardized communication
format between nodes on a computer network and between computer networks.
This protocol suite is used inside and among private computer networks, as
well. Private computer networks are often linked to other private computer
networks, such as in a company where multiple user groups exist in the
organization with corresponding multiple computer networks. The risk of
break-ins and misuse of one such private network by users of another
private network is also present. For example, a disgruntled
employee working from a local area network (LAN) in one organization of
the company may break into the private computer network of another
organization within the company and cause files to be altered or erased or
place viruses, Trojan horses, or worms into nodes contained in that
network.
Private computer networks come in all forms and are put to many purposes.
There are credit card computer networks which direct network traffic to
banks for authorizations and transaction posting, there are university
computer networks which maintain student or scientific research
information, and there are private company computer networks which contain
a variety of proprietary information. The future promises to bring even
more connectivity to computer networks through such mechanisms as
computerized home television and multimedia services. Providing a security
system against breach by so-called crackers will be equally important to
the home computer user.
Presently known security systems have often proven either to be ineffective
in preventing breach of the private computer network, or have severely
limited access to communication services for communicating with other
networks. In general, existing security systems disable certain critical
communication services between the computer networks. For example, in
connection with the Internet, such important communications services as
file transfer applications such as File Transfer Protocol (FTP), Trivial
File Transfer Protocol (TFTP), and HTTP, and terminal emulation services
such as Telnet applications have been disabled for the sake of security.
However, when such services are disabled, most of the power to communicate
with other computer networks is lost, leaving the private network with
only basic electronic mail (E-mail) services to the public Internet, such
as provided by Simple Mail Transfer Protocol (SMTP) and POP3 applications.
Even with such file transfer and emulation services disabled, private
networks have not been immune to breach by crackers from the public
Internet or other private networks. An outsider can obtain headers from
the sendmail and postscript files used in E-mail, including critical data,
to enable entrance into privileged files by mimicking a legitimate user.
Such security systems have been implemented in several ways. For example,
screening routers have been used to limit transmission into and out of a
private network to specific sites or to specific types of transmissions.
However, these limitations by their nature also severely restrict access
to communication services with the public Internet or other networks.
Host-based firewalls, also known as dual-homed firewalls, provide an
additional level of security by interposing a separate computer system
between the private network and the public Internet network. In some
dual-homed firewalls, Internet Protocol (IP) packet forwarding is
disabled, preventing the firewall from routing IP packets automatically
according to the addresses provided. Such dual-homed firewalls also
provide a special set of Transmission Control Protocol (TCP) applications
to act as proxy agents to communicate with users outside of the private
network. In this way, the firewall maintains control over the
communications which enter and exit the private network. For example, a
user on the private network may use an application such as Telnet to log
on to the host-based firewall system. The private network user is then
prompted for the Internet address of the end-point. The firewall then sets
up a pipe between the private network user and the end-point and monitors
the connection between the points. A disadvantage identified with
host-based firewalls has been the continual need to increase the size of
the firewall system to support increased traffic between the private
network and the public Internet network. Another disadvantage of
host-based firewalls is that crackers need only to overcome the security
defenses of a single computer system in order to gain access to the
private network.
Another firewall system, known as bastion hosts or as an application level
firewall, overcomes these disadvantages of host-based firewalls by
providing a subnetwork of hosts to control traffic in and out
of the private network. The subnetwork can be expanded by adding hosts as
capacity need increases. With bastion hosts the public network is
permitted to access only up to an exterior router R2, while the private
network is permitted to access only up to an interior router R1. Between
the routers a group of proxy hosts are provided which control access to
various applications available for communication with the private and
public networks. A disadvantage of this system is that code must be
specially written to specify each application to be allowed through the
subnetwork, making changes in application availability costly and
time-consuming. Another disadvantage is the cost and complexity of
maintaining a separate subnet and multiple computer systems as hosts for
the system.
Accordingly, it is an object of the present invention to provide a security
system for connecting a private computer network to another private or
public computer network which provides full availability of services to
the computer networks while maintaining the private computer network
secure from unauthorized access by crackers from the public computer
network or other private computer network.
Another object of the present invention is to provide a security system
which can be constructed of available standard hardware and software
components without requiring costly special coding or hardware.
Another object of the invention is to provide a security system contained
entirely within one unit and controllable therefrom.
A further object of the present invention is to provide a security system
which protects Unix and MVS hosts connected to the private computer
network from unauthorized access by private network users connected to the
private local area network (LAN) or wide area network (WAN).
A still further object of the present invention is to provide a security
system having two computer motherboards for backing up critical network
communication information from one computer motherboard to the other.
Still another object of the invention is to provide the use of unrestricted
TCP/IP addresses in a private network which are not limited to the
registration procedures of the public Internet, thereby allowing domain
names, subnetwork masks, and TCP/IP network/host name addresses to be
determined independently in the private networks.
Another object of the present invention is to provide a communication link
between a first and second computer network in which the subnetwork mask
which is used for communication inside the first computer network is
established independently from the subnetwork mask which is presented at
the interface to the second network.
SUMMARY OF INVENTION
These and other objects of the present invention are accordingly provided
by a security device for preventing unauthorized communications between a
first computer network and a second computer network. We have discovered
that internetwork security can be achieved by providing a security system
which includes a first network motherboard and a second network
motherboard with each motherboard having a network interface adapter for
communicating with the first and second computer networks, respectively.
Each network motherboard also has a transfer adapter for transferring
communications received at its own network interface adapter to a transfer
adapter on the other network motherboard. The transfer adapters must be
matched and identical. All of the necessary hardware and software to
implement this security system is readily available from multiple sources
and no special hardware or software need be designed to implement this
system.
Communications received by the network interface adapters connected to the
first and second computer network motherboards in Transmission Control
Protocol/Internet Protocol (TCP/IP) format or Internet Protocol
encapsulated in Internet Packet Exchange, IP(IPX), are translated into
Internet Packet Exchange (IPX) format communications for further
transmission to the network motherboard connected to the other public or
private computer network, respectively. This translation process removes
the upper TCP protocol layer, the subnetwork mask and prevents the
original IP datagram header containing IP header information, an IP
destination address, and an IP source address from being further
transmitted to the other network. Routing services, namely IP packet
forwarding and the TCP/IP-layer protocols Routing Information Protocol
(RIP), Address Resolution Protocol (ARP) and Internet Control Message
Protocol (ICMP), are prevented from being transmitted between the network
interface adapter and the transfer adapter of each network motherboard.
Removal of the original
IP datagram headers and disabling of routing services inhibits an
unauthorized user of the first or second computer network from obtaining
the IP addresses and the corresponding physical addresses which are
necessary for direct communication with nodes on the other network.
The second network motherboard further provides API shim software, and
client/server software for permitting communication services to and from
the second computer network by requesting nodes of the first network.
Alternatively, Dynamic Link Library software can be used in place of, or
in addition to API shim software for permitting such communications.
The second network motherboard further sets up a domain name, IP address,
and a subnetwork mask to allow users of the second network to find and
connect to the second network motherboard. The domain name, IP address,
and subnetwork mask are independent from the original domain name, IP
address and subnetwork mask which were used at the network interface
adapter into the first network motherboard. The independence of the
subnetwork masks permits a private network linked to the security system
of the present invention to contain as many nodes as desired independently
of the subnetwork mask which is presented to the public network side by
the second network motherboard.
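The following simulation is an added example and is not code from the patent or from the inventor; it models the method of claim 10 and the translation described in this summary. An IPv4 datagram arriving at the first motherboard is parsed, stripped to a non-IP transfer frame that carries only the application service and payload (the first board's filter also drops ICMP and RIP so routing-service traffic never reaches the transfer adapter), and the second motherboard rebuilds an IP datagram whose source address is its own, validated against its own subnet mask. The frame layout, the service/port table, the addresses and the port numbers are constructed for the demonstration; the only patent-specific elements are the roles of the two boards.

```python
"""Added simulation of the two-board IP -> non-IP -> IP translation gap.
Constructed example; frame layout, port table and addresses are assumptions."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

# Services the patent names, keyed by their well-known TCP ports (standard
# IANA numbers; this particular table is an assumption of the example).
SERVICE_BY_PORT = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3"}
PORT_BY_SERVICE = {name: port for port, name in SERVICE_BY_PORT.items()}
ICMP, TCP, UDP = 1, 6, 17   # IP protocol numbers
RIP_UDP_PORT = 520          # RIP runs over UDP; ARP is not IP at all, so it
                            # never reaches parse_ipv4 in this model


@dataclass(frozen=True)
class TransferFrame:
    """What crosses the matched transfer adapters: no IP or TCP header survives."""
    service: str
    payload: bytes


def ipv4_checksum(header: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options) in front of an already built payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def build_tcp(sport: int, dport: int, payload: bytes) -> bytes:
    """20-byte TCP header (PSH|ACK); checksum left zero because this is a simulation."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload


def parse_ipv4(datagram: bytes) -> dict:
    """Fields the outbound board decides on: protocol, addresses, destination
    port, and the application payload behind the transport header."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    f = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    ihl, total_len, proto = (f[0] & 0x0F) * 4, f[2], f[6]
    payload = datagram[ihl:total_len]
    info = {"proto": proto, "src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])), "dport": None}
    if proto in (TCP, UDP) and len(payload) >= 8:
        info["dport"] = struct.unpack("!H", payload[2:4])[0]
        payload = payload[(payload[12] >> 4) * 4 if proto == TCP else 8:]
    info["app_payload"] = payload
    return info


def outbound_translate(datagram: bytes) -> Optional[TransferFrame]:
    """First motherboard, IP -> non-IP. Routing-service traffic (ICMP, RIP) and
    anything that is not a permitted application service stops here and never
    reaches the transfer adapter; addresses are discarded with the header."""
    info = parse_ipv4(datagram)
    if info["proto"] == ICMP or (info["proto"] == UDP and info["dport"] == RIP_UDP_PORT):
        return None
    service = SERVICE_BY_PORT.get(info["dport"])
    return None if service is None else TransferFrame(service, info["app_payload"])


def inbound_retranslate(frame: TransferFrame, board_ip: str, board_mask: str,
                        server_ip: str, ephemeral_port: int = 49152) -> bytes:
    """Second motherboard, non-IP -> IP. The source address is the board's own,
    checked against the board's own subnet mask; the original sender's address
    was never handed over, so it cannot appear on this side."""
    board_net = ipaddress.IPv4Network(f"{board_ip}/{board_mask}", strict=False)
    src = ipaddress.IPv4Address(board_ip)
    if src not in board_net.hosts():
        raise ValueError("board address must be a host address in its own subnet")
    segment = build_tcp(ephemeral_port, PORT_BY_SERVICE[frame.service], frame.payload)
    return build_ipv4(str(src), server_ip, TCP, segment)


def demo() -> dict:
    """Constructed run: private host 10.0.0.5 requests HTTP from 198.51.100.7;
    the public-side board is 203.0.113.10/24 (documentation addresses)."""
    request = build_ipv4("10.0.0.5", "198.51.100.7", TCP,
                         build_tcp(40000, 80, b"GET / HTTP/1.0\r\n\r\n"))
    frame = outbound_translate(request)
    rebuilt = inbound_retranslate(frame, "203.0.113.10", "255.255.255.0", "198.51.100.7")
    public_view = parse_ipv4(rebuilt)
    # Routing-service traffic from the same host: an ICMP echo request and a
    # RIP announcement on UDP 520. Both must stop at the first board.
    icmp = build_ipv4("10.0.0.5", "198.51.100.7", ICMP, bytes([8, 0, 0, 0, 0, 1, 0, 1]))
    rip = build_ipv4("10.0.0.5", "224.0.0.9", UDP,
                     struct.pack("!HHHH", 520, 520, 12, 0) + b"\x02\x02\x00\x00")
    return {
        "service": frame.service,
        "public_src": public_view["src"],
        "public_dst": public_view["dst"],
        "payload": public_view["app_payload"],
        "private_src_leaked": ipaddress.IPv4Address("10.0.0.5").packed in rebuilt,
        "icmp_crosses": outbound_translate(icmp) is not None,
        "rip_crosses": outbound_translate(rip) is not None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The design point the simulation makes explicit is that the second board cannot leak the private source address even by mistake, because the transfer frame type has no field in which to carry it; the address independence the patent claims follows from the data structure, not from a filter rule that could be misconfigured.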
BRIEF DESCRIPTION OF THE DRAWING
FIG. 1 shows a block diagram of the security system of the present
invention and its connection to private and public Internet computer
networks.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
An embodiment of the present invention is shown in FIG. 1. In FIG. 1 two
motherboards 12 and 20 are shown sharing a common power supply 28.
Motherboard 20 is connected to a public network, e.g. Internet, 26, while
motherboard 12 is connected to a private network 10. Alternatively,
motherboard 20 can be connected to another private computer network 26,
e.g. at another branch of the same company. I