Abstract: A system, method and computer program product are provided. Initially, data is received from a remote source which is destined for a target. A portion of such data is discarded based on a predetermined set of rules utilizing a firewall. Further, the data is compared to a predetermined list of data associated with attacks utilizing an intrusion detection system. Based on the comparison, some of the data is marked as hostile. The data that is marked as hostile is then acted upon in order to prevent an attack.

Abstract: A system, method and computer program product are provided. Commands are received for executing a risk-assessment scan from a remote computer utilizing a network. The commands are processed on a local computer utilizing an agent. Further, the risk-assessment scan is performed on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer. Such agent includes a plurality of risk-assessment modules. Further, the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer.

Abstract: A system, method and computer program product are provided for detecting modifications to risk assessment scanning caused by an intermediate device. Initially, a risk assessment scan is initiated on a target from a remote source utilizing a network. Next, it is determined whether the risk assessment scan involves an intermediate device coupled between the target and the remote source. Results of the risk assessment scan are then received from the target utilizing the network. If it is determined that the risk assessment scan involves the intermediate device, an administrator is notified for executing additional security measures.

Abstract: A system, method and computer program product are provided for executing a risk-assessment scan with a variable timeout duration which is set based on network conditions. Initially, network conditions are measured in a network coupled between a source and a target. Subsequently, a risk-assessment scan is executed on the target from the source. A timeout is performed prior to making a determination that the target is failing to respond to the risk-assessment scan. Such timeout includes a variable duration which is set as a function of the measured network conditions.

Abstract: A system, method and computer program product are provided for remotely detecting vulnerabilities on a local computer. Initially, an agent is installed on a local computer for receiving encrypted commands from a remote computer utilizing a network. Next, the commands are decrypted and processed on the local computer utilizing the agent. A risk-assessment scan is then performed on the local computer utilizing the agent in accordance with the processed commands for the purpose of remotely detecting local vulnerabilities on the local computer.

Abstract: A system, method and computer program product are provided for minimizing the duration of a risk-assessment scan. Initially, a plurality of risk-assessment modules are selected each including vulnerability checks associated with a risk-assessment scan. Thereafter, a first set of ports is determined. Such first set of ports is required for communicating with network components subject to the risk-assessment modules associated with the risk-assessment scan. A port scan is subsequently executed on the first set of ports. Based on such port scan, a second set of ports is determined which includes ports unavailable for communicating with the network components subject to the risk-assessment modules associated with the risk-assessment scan. The risk-assessment modules associated with the second set of ports may then be disabled to minimize the duration of the risk-assessment scan.

Abstract: A system, method and computer program product are provided for detecting attacks on a network. Initially, data is received from a remote source which is destined for a target. A portion of such data is then discarded based on a predetermined set of rules utilizing a firewall which is coupled to the remote source. Remaining data is subsequently passed to an intrusion detection system coupled between the firewall and the target. Such data is parsed to identify data representing text (i.e. ASCII or UNICODE text) therein utilizing the intrusion detection system. Thereafter, the data representing text- is compared to a predetermined list of data representing text-associated with attacks utilizing the intrusion detection system. Based on the comparison, some of the data representing text are marked as hostile. The data representing text-that are marked as hostile are then acted upon in order to prevent an attack.