Abstract: A method and system for monitoring UDP communications and for preventing unauthorized UDP communications within a computer network. A method for managing access to a resource comprises assigning a unique user identifier to each authorized user, upon initiation of a UDP communication initiated by a specific authorized user for access to a specific resource, appending the unique user identifier of the specific authorized user to each UDP packet of the UDP communication, intercepting the plurality of UDP packets within the computer network, extracting the unique user identifier from each UDP packet to identify the specific authorized user associated with the respective UDP packet, and allowing each respective UDP packet to reach the specific resource as a function of the unique user identifier extracted from the respective UDP packet.
Abstract: A method, system and program for preventing intrusion in a communications network. A source node initiates a request for network services, such as session establishment, database access, or application access. Known network resources and authorized user information are stored in a database at a network portal along with access policy rules that are device and user dependent. Identification of the source node is required before the source node can construct a transformed packet header that is included with a synchronization packet before transmission to a destination node. An appliance or firewall in the communications network receives and authenticates the synchronization packet before releasing the packet to its intended destination. The authentication process includes verification of the access policy associated with the source node. Once received at the destination node, the transformed packet header is reformed by extracting a key index value.
Abstract: The disclosed system, apparatuses, and method can be used to relate network event data generated by different devices in a computer network in order to provide a user with a comprehensive view or report of network activity occurring on a computer network, including the computer, user, network address, and resource involved. This comprehensive view of network activity can be used to prove compliance with applicable policy, law and/or regulation restricting access to a resource such as confidential business information and/or personal information required to be protected. In addition, the comprehensive view of network activity can be used to discover vulnerabilities in the computer network, to monitor ongoing network activity, and to enforce applicable security policy, law and/or regulation to prevent access to a network resource.
Abstract: An embodiment of a system of the invention includes a request node, an enforcement node, and a resource node. A request node generates a packet requesting access to a resource, includes its security realm identifier in the packet header, and transmits the same to the enforcement node via a network such as the Internet. The enforcement node receives the packet and applies the security policy of the resource node based on whether or not the request node is in the same security realm as the resource node. Related apparatuses, methods, and computer-readable media are also disclosed and claimed.
Abstract: Methods, systems and computer-readable data storage media for authentication and/or access authorization in a communications network. A source node initiates a request for network services, such as session establishment, database access, or application access. Known network resources, authorized user, and/or source information are stored in a database at a network portal along with access policy rules that can be device and/or user dependent. A source node can construct a packet header including a user identifier indicating the user originating the request, and/or a source identifier indicating the hardware from which the request is originated. At least one of these identifiers is included with a synchronization packet for transmission to a destination node. An appliance or firewall in the communications network receives, authenticates, and determines whether resource access is authorized before releasing the packet to its intended destination.
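The first and last abstracts describe the same enforcement loop: a sender appends a user identifier to each datagram, and an in-path appliance extracts it and allows or drops the packet against a user-to-resource policy. The example below is added here to illustrate that loop and is not code from any of the cited patents; the tag layout (a 4-byte marker, a 2-byte length, the identifier, then the original payload), the policy table and the user identifiers are constructed assumptions, and the enforcement function drops anything whose tag is missing, truncated or unknown rather than falling back to "allow".

```python
import struct
from typing import Dict, Optional, Set, Tuple

# Constructed tag layout (assumption, not the patent's wire format):
#   MAGIC (4 bytes) | uid length (2 bytes, network order) | uid | payload
MAGIC = b"UIDT"

def tag_datagram(user_id: str, payload: bytes) -> bytes:
    """Sender side: prepend the authorized user's identifier to a UDP payload."""
    uid = user_id.encode("utf-8")
    return MAGIC + struct.pack("!H", len(uid)) + uid + payload

def extract_user_id(datagram: bytes) -> Tuple[Optional[str], bytes]:
    """Interceptor side: return (user_id, payload); user_id is None when the
    tag is absent, truncated or not valid UTF-8, so the caller can fail closed."""
    if len(datagram) < 6 or datagram[:4] != MAGIC:
        return None, datagram
    (n,) = struct.unpack("!H", datagram[4:6])
    if len(datagram) < 6 + n:          # length field claims more bytes than present
        return None, datagram
    try:
        uid = datagram[6:6 + n].decode("utf-8")
    except UnicodeDecodeError:
        return None, datagram
    return uid, datagram[6 + n:]

# Constructed policy table: user identifier -> resources that user may reach.
POLICY: Dict[str, Set[str]] = {
    "u-1001": {"dns-internal", "voip-gw"},
    "u-2002": {"dns-internal"},
}

def enforce(datagram: bytes, resource: str,
            policy: Dict[str, Set[str]] = POLICY) -> Tuple[bool, str]:
    """Decide whether a tagged datagram may reach `resource`. Returns
    (allowed, reason); the reason string is what an audit log would record."""
    uid, _ = extract_user_id(datagram)
    if uid is None:
        return False, "drop: untagged or malformed datagram"
    if uid not in policy:
        return False, f"drop: unknown user {uid}"
    if resource not in policy[uid]:
        return False, f"drop: user {uid} not authorized for {resource}"
    return True, f"allow: user {uid} -> {resource}"

if __name__ == "__main__":
    for dg, res in [(tag_datagram("u-1001", b"INVITE"), "voip-gw"),
                    (tag_datagram("u-2002", b"INVITE"), "voip-gw"),
                    (b"\x00\x01 raw query", "dns-internal")]:
        print(enforce(dg, res))
```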