Abstract: A method is provided in one example embodiment and includes communicating a query over a network to a plurality of entities that reside in a domain, the query including a request for data relating to energy use. The query can be generated by one or more computing devices belonging to the domain. A selected one of the computing devices can control power consumption for the entities in the domain. In other embodiments, a discovery protocol (DP) and a link layer discovery protocol (LLDP) is used for transporting events regarding the entities that connect or disconnect from the network. The entities send discovery events over a DP/LLDP protocol, identifying them as part of the domain. In yet other embodiments, the method includes querying a selected one of the entities to determine, if the selected entity moved to a certain energy level, an energy consumption value at the certain energy level.

Abstract: A method is employed to group computers to facilitate application of a software modification to the computers. The method includes identifying a global set of computers to which it is desired to apply the software modification. Based on characteristics of software configurations of the computers of the identified global set, the computers of the identified global set are grouped into a plurality of clusters. Grouping the computers into a plurality of clusters includes processing syntactic information about the computers to identify the plurality of clusters and applying the software modification to the computers of the clusters. The software modification is applied with an adjustment for each cluster in an attempt to avoid software breakage of the computers of that cluster.

Abstract: A system, method, and computer program product are provided for applying a rule to associated events. In use, a plurality of events is associated based on at least one identifier. Additionally, at least one rule is applied to the associated events. Further, a reaction is performed based on the application of the at least one rule.

Abstract: A system and method for securing data in mobile devices (104) includes a computing mode (102) and a plurality of mobile devices (104). A node security program (202) executed in the computing node (102) interfaces with a device security program (204) executed at a mobile device (104). The computing node (102) is responsible for managing the security based on a node security profile (208) interpreted by a node security program (202) executed in the computing node (102). A device discovery method and arrangement (106) also detects and locates various information (120) about the mobile devices (104) based on a scan profile (206).

Abstract: A method in one example implementation includes identifying an address space in a memory element of a system configured to operate in a virtual environment. The address space includes at least one system address, and the address space is provided to a virtual machine monitor. The method also includes generating a page table entry for the system address in a shadow page table stored in the virtual machine monitor in response to a guest operating system initiating a process. The page table entry is marked as a page not being present in order to trigger a page fault for a system address access from the guest operating system. In more specific embodiments, the method may include evaluating a page fault to determine access to the address space, where access to a writeable area of the memory element is denied.

Abstract: A method is provided in one example and includes verifying a storage capacity of a network element coupled to an end device over a network connection. The method also includes executing script provided in the network element, which is configured for exchanging packets in a network environment. The script initiates a collection of data being retrieved from the end device. The data can be Fault, Configuration, Accounting, Performance, and Security (FCAPS) data associated with the end device. The data collected from the end device is communicated to a next destination.

Abstract: A system for and method of automatically enforcing a configuration change process for change requests of one or more configurable element within one or more configurable computation systems. The system comprises means for managing a configuration change process for one or more configurable elements within a corresponding configurable computation system, means for generation a configuration request, means for applying a set of authorization rules to the configuration change requests to generate selective authorization of the CEs, and means for selectively locking and unlocking changes to configurable elements within the configurable computational systems.

Abstract: A content aggregation server (CAS) establishes an IPSec tunnel with a gateway of a home network and discovers content on the home network. The CAS generates a web page that a user of the home network can access remotely to view an index of content hyperlinks, organize the content on the home network, and if desired select a hyperlink to access the content directly through the gateway, not the CAS, which thus is used for listing and managing content but not for hosting the content.

Abstract: A security data structure, method and computer program product are provided. In use, computer code is received. Furthermore, functions in the computer code that control a behavior of the computer code when executed are statically identified.

Abstract: In one embodiment, a method includes receiving, at a visited network node, policy for a roaming terminal from a home network of the roaming terminal. The policy is associated with a home Internet Protocol (IP) address of the roaming terminal. The visited network node applies the policy in the visited network to data packets that include the home IP address. Applying the policy to a data packet encompasses either enforcing the policy at the node that applies the policy or sending data that indicates the policy to a different node that applies the policy based on the data sent, or both.

Abstract: Techniques which allow definition and enforcement of program-based action authorization policies. On a computer, an action or execution attempt is intercepted in real-time. The subject process, the program file of the subject process, the attempted action and the object of the attempted action are determined. An authorization policy considering the program file indicates whether the attempted action is authorized or not. In a tracking mode, the attempted action and its authorization are logged and the attempted action is allowed to proceed. In an enforcement mode, unauthorized attempts are blocked and logged, thereby enforcing the authorization policy.

Abstract: A method for managing Internet Protocol (IP) addresses on a data communications network includes allocating multiple local IP address pools, requesting IP address usage data from one or more of the network edge devices, receiving the requested IP address usage data, determining whether the local IP address pools should be reallocated based upon the requested IP address usage data, reallocating one or more of the local IP address pools based upon the determination and updating one or more of the local IP address pool databases and a global IP pool database based upon the reallocating. Each of the local IP address pools is associated with a different network edge device that is capable of accepting connection requests requiring an IP address. The global IP address pool database includes the information maintained in each local IP address pool.

Abstract: An aspect of the present invention relates to methods and systems involving receiving an indicator of an attempted interaction of a client computing facility with an item of content associated with a website and presenting an indicator of reputation to a client computing facility attempting to interact with the web content. The indicator of reputation may be based at least in part upon whether an entity associated with the web content seeks to manipulate a user in order to obtain information from the user.

Abstract: A system and method for creating a virtual round table videoconference is described. An embodiment of the system comprises a plurality of displays arranged in an arc configuration with a table to create a virtual round table. Cameras are arranged around the plurality of displays such that when a participant looks at a display with an image of a remote participant, the camera associated with the display captures an image of the participant's gaze, making eye contact with the camera. The image is displayed at the remote participant's endpoint creating the effect of eye contact between the participants. In another embodiment, audio speakers are arranged to provide directional sound such that the video source for a display and the audio source for the associated speaker are from the same endpoint.

Abstract: Techniques for processing an IP packet at a router that supports SS7 signaling include receiving IP routing data that associates a network link and a destination IP address for a node in a signaling network that includes a plurality of signaling nodes. When an ingress IP data packet is received, it is determined whether conditions are satisfied for locally processing an SS7 payload within the ingress IP data packet. If it is determined that conditions are satisfied for locally processing the SS7 payload, then the SS7 payload is processed locally, i.e., without sending the SS7 payload over a network link to a different node in the signaling network. If it is determined that conditions are not satisfied for locally processing the SS7 payload, then the ingress IP data packet is routed normally. These techniques allow reduced numbers of expensive STP devices and expanded routing options in a signaling network.

Abstract: A system for enhancing functionality of a network. In a specific embodiment, the system employs strategic communications between a network controller and a security gateway. The strategic communications occur via a feedback communications channel between the network controller and the security gateway. The feedback communications channel facilitates transferring security information, such as International Mobile Subscriber Identity (IMSI) and other information, between the network controller and the security gateway. The security information may facilitate enabling the SGW to make intelligent decisions as to how to treat a client communications session. In the specific embodiment, the feedback communications channel includes an intervening Authentication, Authorization, and Accounting (AAA) server that is coupled between the UMA and the network controller.

Abstract: Network management to establish and maintain the health and security of a computing network, such as a home network. A network management tool may identify the media access control (MAC) address for each device in the network, and allow a user to identify which devices are authorized to be a member of the network. If the network gateway device supports MAC address filtering, a user can then employ the network management tool to configure the router to exclude non-authorized devices from joining or remaining in the network based upon their MAC addresses. Further, the network management tool may allow a user to configure a wireless gateway device to stop broadcasting its service set identifier (SSID), change the SSID, or both, identify to the user when a wireless gateway device is using encryption, and, if so, what type of encryption.

Abstract: A data reconstruction system, method and computer program product are provided. In use, one of a plurality of computers receiving data over a network is identified. In addition, the data received by the computer is reconstructed in a manner that is independent of the computer.

Abstract: A method and system for the classification of software in networked systems, includes: determining a software received by a sensor is attempting to execute on a computer system of the sensor; classifying the software as authorized or unauthorized to execute, and gathering information on the software by the sensor if the software is classified as unauthorized to execute. The sensor sends the information on the software to one or more actuators, which determine whether or not to act on one or more targets based on the information. If so, then the actuator sends a directive to the target(s). The target(s) updates its responses according to the directive. The classification of the software is definitive and is not based on heuristics or rules or policies and without any need to rely on any a priori information about the software.