Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: Methods, machines, and systems manage security policies of heterogeneous infrastructure and computing devices of a network. Security policy repository houses security policies that are pushed over the network by a policy decision point PDP to appropriate security-enabled devices (policy enforcement points (PEPs)) for enforcement. Using a closed feedback loop, a policy feedback point (PFP) collects and processes data from intrusions, alerts, violations, and other abnormal behaviors from a variety of PEPs or logs produced from PEPs. This data is sent as feedback to the policy repository. The PDP detects the data and analyzes it to determine if policy updates (which can be dynamic and automatic) need to be adaptively made and dynamically pushed to PEPs. The PDP can also send console messages or alerts to consoles or administrators.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: Automatically finding and using network services. An extensible framework is defined which allows any network service, new or old, to be defined. A base schema is defined that defines existing network services, and extension schemes may also be defined which are specific to new network services. A vendor can define the schemas in XML, as well as using software plug-ins and configuration data. The information is stored on a network provider's server. Clients can browse the network providers server for available services. Any available services can be accepted. When this happens, a form is provided to the client; the client fills out the form; and returns it. The information on the form is associated with the XML schemas and used to select and automatically configure the network service.

Abstract: A method and system are disclosed. The method includes receiving a first request from a user at a dispatcher that corresponds to a first transaction. The method further includes creating at the dispatcher a unique identifier that is associated with the user. The unique identifier is based on data that is received from the user. A server is then assigned to the first request by adding an entry to a mapping table that is maintained by the dispatcher. The unique identifier is then associated with the assigned server.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: The invention is a system and method for applying a uniform network security policy. The security policy is described using a computer-readable file. The computer-readable file may be filtered and/or translated into other files that may be used as inputs to security devices. An example of one such security device is a remote system security controller, which is responsible for ensuring that remote devices outside the corporate network enforce the corporate security policy. In addition, the system is capable of updating the security policy of all network components based on feedback received from one or more devices.

Abstract: An apparatus comprises a forwarding component configured to forward data by looking up a routing table, another forwarding component configured to receive the data, and an intermediate forwarding component bridging the two components to forward the data without looking up the routing table.

Abstract: The invention is a system to secure data. The data security system includes data, a data security system enforcer, a local policy database, and a centralized policy manager. When a block level file access request is received, the data security system enforcer checks the local policy database to see if the file access request is authorized. If the file access request is authorized, then the file access request is performed. Intrusions may be determined based on the type and number of unauthorized file access requests. Forensic analysis may be performed on a database logging file access requests (both authorized and unauthorized).

Abstract: A method, apparatus and system for extending wireless network coverage is generally presented. In this regard, an extender agent is introduced to determine whether a wireless communication(s) was intended for a client(s) on an extended coverage network serviced by a client receiving the communication.

Abstract: A server hosting system including a server cluster and a plurality of dispatchers, the plurality of dispatchers providing multiple points of entry into the server cluster. The server cluster and plurality of dispatchers are interconnected by a network, such as a system area network. Each of the dispatchers maintains a local dispatch table, and the local dispatch tables of the plurality of dispatchers, respectively, share data over the network.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: Automatically finding and using network services. An extensible framework is defined which allows any network service, new or old, to be defined. A base schema is defined that defines existing network services, and extension schemes may also be defined which are specific to new network services. A vendor can define the schemas in XML, as well as using software plug-ins and configuration data. The information is stored on a network provider's server. Clients can browse the network providers server for available services. Any available services can be accepted. When this happens, a form is provided to the client; the client fills out the form; and returns it. The information on the form is associated with the XML schemas and used to select and automatically configure the network service.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: In one aspect of the invention is a method for locking in all client requests having the same session I.D. to the same server to facilitate secure e-commerce transactions. A client's session I.D. is mapped to an SSL context between a dispatcher and a server such that all subsequent client requests having the same session I.D. are forwarded to the same server.