Patents Represented by Attorney, Agent or Law Firm Christopher J. Hamaty
  • Patent number: 6611869
    Abstract: A system and a method for providing trustworthy network security concern communication in an active security management environment are described. A digital certificate including a validated server identifier for a server system is stored on a client system. A digital certificate including a validated client identifier for the client system is stored on the server system. A communications session between the client system and the server system is established. The communications session includes a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate. A certogram is generated upon the occurrence of a network security concern on the client system. The certogram encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram. The certogram is processed on the server system.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: August 26, 2003
    Assignee: Networks Associates, Inc.
    Inventors: Gerhard Eschelbeck, Andrea Villa
  • Patent number: 6608817
    Abstract: A method for analyzing a connection oriented multiplexing and switching network (COMSN), includes dividing a subsection of a COMSN network into a plurality of virtual channel characterization (VCC) layers, extracting frames from the subsection when the frames are available over a period of time in each of the plurality of VCC layers, and selectively displaying objects associated with the frames and the relationships between the objects.
    Type: Grant
    Filed: December 28, 1999
    Date of Patent: August 19, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventor: Christopher Joseph Ivory
  • Patent number: 6604139
    Abstract: A system, method and computer program product are provided for filtering various voice protocols. A plurality of voice protocols is initially displayed. Next, an indication is received from a user as to the selection of the voice protocols. It is further determined as to a particular filtering mode that is currently operating. Next, the selected voice protocols are filtered in the determined filtering mode.
    Type: Grant
    Filed: December 14, 2001
    Date of Patent: August 5, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventors: Anna Sajina, Kaiwang Zhang
  • Patent number: 6601091
    Abstract: A method for improving the performance and responsiveness of a computer program is presented. The system consists of a read-ahead mechanism that scans current data-sets and reads data-sets referenced within the current data-set prior to any actual request or access to the data set by the system. The determination of which data sets to access is made based upon a prioritization computed either through user defined settings or through heuristic observation of the system's behavior. The present invention has particular value in connection with Internet communications and access to remote data.
    Type: Grant
    Filed: March 28, 1996
    Date of Patent: July 29, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventor: Michael L. Spilo
  • Patent number: 6594686
    Abstract: The invention provides for on-access scanning of archives, such as “ZIP” files, for files containing viruses or other unwanted characteristics. In particular, disclosed are various techniques for beginning a scanning operation, and then monitoring the scanning operation to determine whether it is completing in a reasonable time. If the scanning operation is taking place within a terminal server type of environment, such as the Microsoft Terminal Server, where an application program is run in a virtual execution environment, then provision is made to identify client connections to the server so that error messages (such as denying file access due to a virus) can be presented to a terminal server client's terminal, rather than at the terminal server console.
    Type: Grant
    Filed: March 2, 2000
    Date of Patent: July 15, 2003
    Assignee: Network Associates Technology, Inc.
    Inventors: Jonathan Edwards, Edmund White
  • Patent number: 6587888
    Abstract: The present invention is directed at the implementation of a dynamic wrapper for discovery of non-exported functions and subsequent method interception. A practical usage of dynamic wrappers is for security software packages to augment access controls applied to the wrapped modules. The invention permits interception of distributed component object model (DCOM) client initiated method calls at a DCOM server during runtime. The interceptor of the method call denies or grants access to the DCOM method to be executed. The actual logic to determine access permissions need not be part of the interceptor. The interceptor runs as part of the DCOM server. It contains logic to distinguish at runtime the identity of the principal associated with the DCOM client requesting the execution of the function call. The technique works with commercial-off-the-shelf (COTS) software and does not require modification of the application source code.
    Type: Grant
    Filed: December 15, 1999
    Date of Patent: July 1, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventors: David Pai-wei Chieu, Dennis Hollingworth
  • Patent number: 6584508
    Abstract: A system and method for increasing the security of a data guard is disclosed. The data guard is based on a multi-part proxy that includes a first proxy agent that communicates with an inside computer network region, a second proxy agent that communicates with an outside computer network region, and a content-based filter application that reviews information that is passed between the first proxy agent and the second proxy agent. Both the first and second proxy agents can be based on existing firewall proxies. The proxy agents listen for protocol operations (e.g., IIOP requests or replies) and translate those protocol operations into protocol-independent data. The protocol independent data is then analyzed by a protocol-independent content-based filter. The behavior of the multi-part proxy can be further constrained through the use of software wrapper technology.
    Type: Grant
    Filed: December 30, 1999
    Date of Patent: June 24, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventors: Jeremy Epstein, Linda Thomas
  • Patent number: 6584504
    Abstract: A computer program product enables a computer device to implement a method of monitoring Web page traffic. The multi-step method begins by automatically sending a first ping at a first time to a first Internet address associated with a first Web page. A first response time for the first ping is measured to determine a first level of Internet traffic on the first Web page. Using the first response time, a first value is assigned to a perceptible characteristic of a first graphical object, which is then displayed on a display device associated with the computer device. Next, a second ping is automatically sent to the first Internet address at a second time. The second response time to the second ping is measured to determine a second level of Internet traffic on the first Web page. Based on the second response time a second value is assigned to the perceptible characteristic of the first graphical object, which is then redisplayed on the display device.
    Type: Grant
    Filed: May 26, 2000
    Date of Patent: June 24, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventor: Kerry M. Choe
  • Patent number: 6567808
    Abstract: A system and process for brokering a plurality of security applications using a centralized broker in a distributed computing environment is described. A centralized broker is executed on a designated system within the distributed computing environment. A set of snap-in components are provided with each performing a common management task sharable by a plurality of security applications. A console interface is exposed from the centralized broker. The console interface implements a plurality of browser methods which each define a browser function which can be invoked by each snap-in component. A set of snap-in interfaces are exposed from each snap-in component. Each snap-in interface implements a plurality of service methods which each define a user-interface function which can be invoked by the centralized broker. One or more security applications are brokered through the centralized broker. Each security application is interfaced to the centralized broker through the snap-in components.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: May 20, 2003
    Assignee: Networks Associates, Inc.
    Inventors: Gerhard Eschelbeck, Andreas Schlemmer, Peter Blaimschein
  • Patent number: 6553377
    Abstract: A system and a process for maintaining a plurality of remote security applications using a centralized broker in a distributed computing environment are described. A centralized broker is executed on a designated system within the distributed computing environment. A console interface from the centralized broker is exposed. The console interface implements a plurality of browser methods which each define a browser function which can be invoked by a plurality of snap-in components. A namespace snap-in component is defined and includes a logical grouping identifying at least one remote security application being executed on a remote system within the distributed computing environment. A namespace interface from the namespace snap-in component is exposed. The namespace interface implements a plurality of namespace methods each defining a storage function which can be invoked by the centralized broker. A repository including a plurality of storages corresponding to each remote system is formed.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: April 22, 2003
    Assignee: Network Associates, Inc.
    Inventors: Gerhard Eschelbeck, Thomas Steiner, Mayr Johannes
  • Patent number: 6553378
    Abstract: A system and a process for reporting network events using hierarchically-structured event databases in a distributed computing environment are disclosed. A centralized broker is executed on a designated system within the distributed computing environment. At least one security application is provided as a plug-in component on a client system interfaced remotely to the centralized broker. A local event database is maintained on the client system. The local event database includes a set of entries in which network events generated by the at least one security application are transitorily stored. Network events forwarded from the local event database are received via a communications server service. The communications server service exposes a set of communication interfaces implementing a plurality of event methods. Each communication interface defines an event management function which can be invoked by the centralized broker.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: April 22, 2003
    Assignee: Network Associates, Inc.
    Inventor: Gerhard Eschelbeck
  • Patent number: 6550012
    Abstract: System and methodology providing automated or “proactive” network security (“active” firewall) are described. The system implements methodology for verifying or authenticating communications, especially between network security components thereby allowing those components to share information. In one embodiment, a system implementing an active firewall is provided which includes methodology for verifying or authenticating communications between network components (e.g., sensor(s), arbiter, and actor(s)), using cryptographic keys or digital certificates. Certificates may be used to digitally sign a message or file and, in a complementary manner, to verify a digital signature. At the outset, particular software components that may participate in authenticated communication are specified, including creating a digital certificate for each such software component.
    Type: Grant
    Filed: June 8, 1999
    Date of Patent: April 15, 2003
    Assignee: Network Associates, Inc.
    Inventors: Emilio Villa, Adrian Zidaritz, Michael David Varga, Gerhard Eschelbeck, Michael Kevin Jones, Mark James McArdle
  • Patent number: 6546493
    Abstract: A system, method and computer program product are provided for scanning a source of suspicious network communications. Initially, network communications are monitored for violations of policies. Then, it is determined whether the network communications violate at least one of the policies. Further, a source of the network communications that violate at least one of the policies is identified. Upon it being determined that the network communications violate at least one of the policies, the source of the network communications is automatically scanned.
    Type: Grant
    Filed: November 30, 2001
    Date of Patent: April 8, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventors: James S. Magdych, Tarik Rahmanovic, John R. McDonald, Brock E. Tellier
  • Patent number: 6542943
    Abstract: A system and method update client computers of various end users with software updates for software products installed on the client computers, the software products manufactured by diverse, unrelated software vendors. The system includes a service provider computer system, a number of client computers and software vendor computer systems communicating on a common network. The service provider computer system stores in an update database information about the software updates of the diverse software vendors, identifying the software products for which software updates are available, their location on the network at the various software vendor computer systems, information for identifying in the client computers the software products stored thereon, and information for determining for such products, which have software updates available. Users of the client computers connect to the service provider computer and obtain a current version of portions of the database.
    Type: Grant
    Filed: April 17, 2002
    Date of Patent: April 1, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventors: William Cheng, Kenneth Hwang, Ravi Kannan, Babu Katchapalayam, Bing Liu, Balaji Narasimhan, Gopal Ramanujam, Jonathan Tran
  • Patent number: 6523023
    Abstract: A method for searching the Internet is provided that includes generating search criteria for an Internet search utilizing a first search agent that is resident on a first computer, distributing search tasks related to the Internet search to other search agents that are resident on their computers, utilizing the other search agents to perform the distributed search tasks, and then reporting the results of each search task back to the first search agent. In a preferred embodiment, the other search agents also retrieve the results of their distributed search tasks, so that the search results may be more easily accessed by the person that initiated the search. In an embodiment, the computers that host the search agents have connections to a common intranet and the search tasks are distributed only to search agents that have been identified as being available to support Internet searching.
    Type: Grant
    Filed: September 22, 1999
    Date of Patent: February 18, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventor: Glen Sonnenberg
  • Patent number: 6513122
    Abstract: A system, method and computer program product are provided for detecting attacks on a network. Initially, data is received from a remote source which is destined for a target. A portion of such data is then discarded based on a predetermined set of rules utilizing a firewall which is coupled to the remote source. Remaining data is subsequently passed to an intrusion detection system coupled between the firewall and the target. Such data is parsed to identify data representing text (i.e. ASCII or UNICODE text) therein utilizing the intrusion detection system. Thereafter, the data representing text is compared to a predetermined list of data representing text associated with attacks utilizing the intrusion detection system. Based on the comparison, some of the data representing text are marked as hostile. The data representing text that are marked as hostile are then acted upon in order to prevent an attack.
    Type: Grant
    Filed: June 29, 2001
    Date of Patent: January 28, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventors: James S. Magdych, Tarik Rahmanovic, John R. McDonald, Brock E. Tellier, Anthony C. Osborne, Nishad P. Herath
  • Patent number: 6510448
    Abstract: A software virtual machine mechanism that increases the efficiency of context switching is disclosed. In an application to the networking environment, the software virtual machine is operative to increase the efficiency of handling input/output operations through the improved control of switching between contexts. The software virtual machine supports restartable instructions such that the resumption of a previously blocked context will continue at the instruction that had previously blocked.
    Type: Grant
    Filed: January 31, 2000
    Date of Patent: January 21, 2003
    Assignee: Networks Associates Technology, Inc.
    Inventor: Peter J. Churchyard
  • Patent number: 6499109
    Abstract: A method and computer executable program code are disclosed to verify the source of software downloaded from a remote site to a client computer over a computer network before the software can be executed on the client computer.
    Type: Grant
    Filed: February 11, 1999
    Date of Patent: December 24, 2002
    Assignee: Networks Associates Technology, Inc.
    Inventors: Chandrasekar Balasubramaniam, Ravi Kannan, Siddaraya Basappa Revashetti, Srivats Sampath, Babu Katchapalayam
  • Patent number: 6496875
    Abstract: A system and method update client computers of various end users with software updates for software products installed on the client computers, the software products manufactured by diverse, unrelated software vendors. The system includes a service provider computer system, a number of client computers and software vendor computer systems communicating on a common network. The service provider computer system stores in an update database information about the software updates of the diverse software vendors, identifying the software products for which software updates are available, their location on the network at the various software vendor computer systems, information for identifying in the client computers the software products stored thereon, and information for determining for such products, which have software updates available. Users of the client computers connect to the service provider computer and obtain a current version of portions of the database.
    Type: Grant
    Filed: April 30, 2002
    Date of Patent: December 17, 2002
    Assignee: Networks Associates Technology, Inc.
    Inventors: William Cheng, Kenneth Hwang, Ravi Kannan, Babu Katchapalayam, Bing Liu, Balaji Narasimhan, Gopal Ramanujam, Jonathan Tran
  • Patent number: 6493756
    Abstract: A system and a method for dynamically sensing an asynchronous network event within a modular framework for network event processing are described. An occurrence of asynchronous network events is sensed on one or more network event sensors. Each such sensor implements a common interface via which the sensor can be connected to the modular framework. At least one port over which can be received a message from a network agent indicating the occurrence of a network event is passively monitored. The message includes event data pertinent to the network event. The message is received over the at least one port via a listener thread and staged into a holding structure within which can be placed a plurality of received messages. Each received message is iteratively removed from the holding structure via a handler thread. An action set mapping corresponding to each received message is retrieved and an action set is generated from the action set mapping via a generator process.
    Type: Grant
    Filed: January 31, 2000
    Date of Patent: December 10, 2002
    Assignee: Networks Associates, Inc.
    Inventors: Eric David O'Brien, James Robert Tryon, Jr.