Patents by Inventor Brent R. Beachem

Brent R. Beachem has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9154299
    Abstract: Methods and apparatus involve protecting data encrypted by a first key on an endpoint computing asset including a drive with full disk encryption. The endpoint has both a main operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents a user of the endpoint from accessing the encrypted data and the key. In one embodiment, an information exchange partition on the endpoint is accessible from a remote location and includes data encrypted using a second key accessible to both the pre-boot operating system and the main operating system. Another embodiment allows for the provision of a network connection to the endpoint during the pre-boot phase of operation in accordance with a security policy.
    Type: Grant
    Filed: December 13, 2010
    Date of Patent: October 6, 2015
    Assignee: Novell, Inc.
    Inventors: Brent R. Beachem, Merrill K. Smith
  • Patent number: 8838804
    Abstract: Methods and apparatus involve securing a network connection by way of mobile, endpoint computing assets. The endpoints have one or more pre-defined security policies governing the connection that are balanced against competing interests of actually maintaining connections between devices, especially in WiMAX, MANET, MESH, or other ad hoc computing environments where poor security, signal strength, fragile connections or mobility issues are of traditional concern. In this manner, connections will not be lost over security enforcement in an otherwise hostile environment. The security policies are enforced in a variety of ways, but may be altered to lesser policies or not-so-strictly enforced so as to maintain satisfactory connections between devices. Other embodiments contemplate analyzing connectivity components before connection and selecting only those components that enable full or best compliance with the policies.
    Type: Grant
    Filed: March 12, 2009
    Date of Patent: September 16, 2014
    Assignee: Novell, Inc.
    Inventor: Brent R. Beachem
  • Patent number: 8588422
    Abstract: Methods and apparatus involve protecting encrypted data of endpoint computing assets by managing decryption keys. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents users of the endpoint from accessing the encrypted data and the key. Upon determining the encrypted data has been compromised, the key is disassociated from the encrypted data. Disassociation can occur in a variety of ways including deleting or scrambling the key and/or data or re-encrypting the encrypted data with a new key. Key escrowing and updating through the pre-boot is further contemplated. The pre-boot phase also contemplates a limited computing connection between the endpoint and a specified authentication server and approved networking ports, USB devices and biometric equipment.
    Type: Grant
    Filed: May 28, 2009
    Date of Patent: November 19, 2013
    Assignee: Novell, Inc.
    Inventors: Brent R. Beachem, Merrill K. Smith
  • Patent number: 8566571
    Abstract: Methods and apparatus involve evaluating endpoint computing assets. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the traditional operating system identifies a last evaluation status of the computing device at a time just prior to shutting down. Upon a next booting, the pre-boot operating system loads and reads the last evaluation status. If the last evaluation status requires any completion action in order to comply with a predetermined computing policy, either or both of the operating systems attend to its effectuation, including communication/handoff by way of one or more security agents. In a variety of ways, effectuation occurs by: determining a present location of the computing device; quarantining the computing device from certain network traffic; VPN enforcement; patching applications; firewall involvement; etc. Computer program products are also disclosed.
    Type: Grant
    Filed: December 12, 2008
    Date of Patent: October 22, 2013
    Assignee: Novell, Inc.
    Inventors: Brent R. Beachem, Merrill K. Smith
  • Patent number: 8387131
    Abstract: Methods and apparatus enforce a secure internet connection from a mobile endpoint computing device. A security policy for the endpoint is defined based on its location. From that location, an internet connection is established and detected. This event triggers the launching of a full VPN tunnel connection including an NDIS firewall forcing packet traffic through a port of the endpoint computing device assigned by the security policy and/or MAC/IP addresses of a VPN concentrator. Thereafter, the packet traffic is monitored for compliance with the security policy. This includes determining whether packet traffic over the assigned port is observed within a given time or packet traffic is attempted over other ports. Monitoring occurs whether or not the protocol of the VPN tunnel connection is known. Other features contemplate quarantining for improper operation of the VPN tunnel, undertaking remediation, and computer program products, to name a few.
    Type: Grant
    Filed: May 18, 2009
    Date of Patent: February 26, 2013
    Assignee: Novell, Inc.
    Inventors: Brent R. Beachem, Steven S. McLain, Richard B. Rollins, Neil R. Shaw
  • Patent number: 8321676
    Abstract: Secure communications on a network. An unauthenticated client on a network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.
    Type: Grant
    Filed: December 21, 2009
    Date of Patent: November 27, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Brant D. Thomsen, Brent R. Beachem, Thomas M. Wheeler
  • Publication number: 20120151200
    Abstract: Methods and apparatus involve protecting data encrypted by a first key on an endpoint computing asset including a drive with full disk encryption. The endpoint has both a main operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents a user of the endpoint from accessing the encrypted data and the key. In one embodiment, an information exchange partition on the endpoint is accessible from a remote location and includes data encrypted using a second key accessible to both the pre-boot operating system and the main operating system. Another embodiment allows for the provision of a network connection to the endpoint during the pre-boot phase of operation in accordance with a security policy.
    Type: Application
    Filed: December 13, 2010
    Publication date: June 14, 2012
    Inventors: Brent R. Beachem, Merrill K. Smith
  • Publication number: 20110078797
    Abstract: Methods and apparatus involve the mitigation of security threats at a computing endpoint, such as a server, including dynamic virtual machine imaging. During use, a threat assessment is undertaken to determine whether a server is compromised by a security threat. If so, a countermeasure to counteract the security threat is developed and installed on a virtual representation of the server. In this manner, the compromised server can be replaced with its virtual representation, while always maintaining the availability of the endpoint in the computing environment. Other features contemplate configuration of the virtual representation from a cloned image of the compromised server at least as of a time just before the compromise, and configuration on separate or the same hardware platforms. Testing of the countermeasure to determine success is another feature, as is monitoring data flows to identify compromises, including their types or severity. Computer program products and systems are also taught.
    Type: Application
    Filed: July 29, 2008
    Publication date: March 31, 2011
    Inventors: Brent R. Beachem, Merrill K. Smith, Richard B. Rollins
  • Publication number: 20100303240
    Abstract: Methods and apparatus involve protecting encrypted data of endpoint computing assets by managing decryption keys. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents users of the endpoint from accessing the encrypted data and the key. Upon determining the encrypted data has been compromised, the key is disassociated from the encrypted data. Disassociation can occur in a variety of ways including deleting or scrambling the key and/or data or re-encrypting the encrypted data with a new key. Key escrowing and updating through the pre-boot is further contemplated. The pre-boot phase also contemplates a limited computing connection between the endpoint and a specified authentication server and approved networking ports, USB devices and biometric equipment.
    Type: Application
    Filed: May 28, 2009
    Publication date: December 2, 2010
    Inventors: Brent R. Beachem, Merrill K. Smith
  • Publication number: 20100293610
    Abstract: Methods and apparatus enforce a secure internet connection from a mobile endpoint computing device. A security policy for the endpoint is defined based on its location. From that location, an internet connection is established and detected. This event triggers the launching of a full VPN tunnel connection including an NDIS firewall forcing packet traffic through a port of the endpoint computing device assigned by the security policy and/or MAC/IP addresses of a VPN concentrator. Thereafter, the packet traffic is monitored for compliance with the security policy. This includes determining whether packet traffic over the assigned port is observed within a given time or packet traffic is attempted over other ports. Monitoring occurs whether or not the protocol of the VPN tunnel connection is known. Other features contemplate quarantining for improper operation of the VPN tunnel, undertaking remediation, and computer program products, to name a few.
    Type: Application
    Filed: May 18, 2009
    Publication date: November 18, 2010
    Inventors: Brent R. Beachem, Steven S. McLain, Richard B. Rollins, Neil R. Shaw
  • Publication number: 20100235514
    Abstract: Methods and apparatus involve securing a network connection by way of mobile, endpoint computing assets. The endpoints have one or more pre-defined security policies governing the connection that are balanced against competing interests of actually maintaining connections between devices, especially in WiMAX, MANET, MESH, or other ad hoc computing environments where poor security, signal strength, fragile connections or mobility issues are of traditional concern. In this manner, connections will not be lost over security enforcement in an otherwise hostile environment. The security policies are enforced in a variety of ways, but may be altered to lesser policies or not-so-strictly enforced so as to maintain satisfactory connections between devices. Other embodiments contemplate analyzing connectivity components before connection and selecting only those components that enable full or best compliance with the policies.
    Type: Application
    Filed: March 12, 2009
    Publication date: September 16, 2010
    Inventor: Brent R. Beachem
  • Publication number: 20100153696
    Abstract: Methods and apparatus involve evaluating endpoint computing assets. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the traditional operating system identifies a last evaluation status of the computing device at a time just prior to shutting down. Upon a next booting, the pre-boot operating system loads and reads the last evaluation status. If the last evaluation status requires any completion action in order to comply with a predetermined computing policy, either or both of the operating systems attend to its effectuation, including communication/handoff by way of one or more security agents. In a variety of ways, effectuation occurs by: determining a present location of the computing device; quarantining the computing device from certain network traffic; VPN enforcement; patching applications; firewall involvement; etc. Computer program products are also disclosed.
    Type: Application
    Filed: December 12, 2008
    Publication date: June 17, 2010
    Inventors: Brent R. Beachem, Merrill K. Smith
  • Publication number: 20100100738
    Abstract: Secure communications on a network. An unauthenticated client on a network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.
    Type: Application
    Filed: December 21, 2009
    Publication date: April 22, 2010
    Inventors: Brant D. Thomsen, Brent R. Beachem, Thomas M. Wheeler
  • Patent number: 7660990
    Abstract: Secure communications on a network. An unauthenticated client on a network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.
    Type: Grant
    Filed: April 27, 2004
    Date of Patent: February 9, 2010
    Assignee: 3Com Corporation
    Inventors: Brant D. Thomsen, Brent R. Beachem, Thomas M. Wheeler