Abstract: An online protection system and method for actively filtering webpages using a rule-based protective agent such that internet connectable communication devices receive a clean copy of the webpage. The protective agent may be operable to perform rule based filtering of static and web-generated pages. The system includes a data scanner, a report processor and a rule-based logic generator. The protection system may include malware server site scanner to prevent any potential backdoors and possibly introducing remedy to the infected files or quarantining in a non-standard directory locations.

Abstract: A system and methodology for providing community-based security policies is described. In one embodiment in a system comprising a plurality of devices connected to a network, a security module is provided for establishing security settings for regulating network access at these devices. Information is collected from at least some the devices about the security settings established on such devices and consensus security settings are generated based upon the collected information. In response to a request for network access at a particular device, determining whether or not to permit network access is based, at least in part, upon the consensus security settings.

Abstract: A system providing methodologies for automatically detecting when a computing device is plugged into a new network is described. The system includes methods for detecting a connection to a new network by receiving notice of, and evaluating, changes to an existing network configuration. The system profiles and generates an identity for the new network. This includes collecting information about the network to uniquely identify it and generating a unique identifier for the network. Once a network has been profiled, a user may decide whether or not to include it as part of a trusted zone. Alternatively, this decision may be guided by policy established by a system administrator or user. The system automatically reconfigures a firewall to include or exclude the network from the trusted zone based upon this decision. The profile of each network is stored so that the next time the device is connected to the same network it remembers the network and applies the same security settings previously adopted.

Abstract: A system and methodology for protecting new computers by applying a preconfigured security update policy is described. In one embodiment, for example, a method is described for controlling connections to a computer upon its initial deployment, the method comprises steps of: upon initial deployment of the computer, applying a preconfigured security policy that establishes a restricted zone of preapproved hosts that the computer may connect to upon its initial deployment; receiving a request for a connection from the computer to a particular host; based on the preconfigured security policy, determining whether the particular host is within the restricted zone of preapproved hosts; and blocking the connection if the particular host is not within the restricted zone of preapproved hosts.

Abstract: System and methodology for intrusion detection and prevention is described. In one embodiment, for example, a method is described for detecting and preventing network intrusion, the method comprises steps of: defining intrusion descriptions specifying exploits that may be attempted by malicious network traffic, the intrusion descriptions indicating specific applications that may be targeted by individual exploits; for a particular application participating in network communication, deriving a subset of the intrusion descriptions specifically applicable to that particular application; using the subset of the intrusion descriptions specifically applicable to that application, monitoring network traffic destined for the particular application for detecting an attempted network intrusion; and if a network intrusion is detected, blocking network traffic destined for the particular application determined to comprise an exploit.

Abstract: A security system with methodology providing verified secured individual end points is described.

Abstract: A system providing methodologies for automatically detecting when a computing device is plugged into a new network is described. The system includes methods for detecting a connection to a new network by receiving notice of, and evaluating, changes to an existing network configuration. The system profiles and generates an identity for the new network. This includes collecting information about the network to uniquely identify it and generating a unique identifier for the network. Once a network has been profiled, a user may decide whether or not to include it as part of a trusted zone. Alternatively, this decision may be guided by policy established by a system administrator or user. The system automatically reconfigures a firewall to include or exclude the network from the trusted zone based upon this decision. The profile of each network is stored so that the next time the device is connected to the same network it remembers the network and applies the same security settings previously adopted.

Abstract: A computing environment with methods for monitoring access to an open network, such as a WAN or the Internet, is described. The system includes one or more clients, each operating applications or processes (e.g., Netscape Navigator.TM. or Microsoft Internet Explorer.TM. browser software) requiring Internet (or other open network) access (e.g., an Internet connection to one or more Web servers). Client-based monitoring and filtering of access is provided in conjunction with a centralized enforcement supervisor. The supervisor maintains access rules for the client-based filtering and verifies the existence and proper operation of the client-based filter application. Access rules which can be defined can specify criteria such as total time a user can be connected to the Internet (e.g., per day, week, month, or the like), time a user can interactively use the Internet (e.g.