Abstract: Methods and systems are provided for providing redundancy in data network communications. Data traffic on a first network channel used for the data communication between the two or more host systems can be monitored to obtain one or more attributes associated with the data traffic. Based on the data attributes, it may be determined whether one or more anomalies associated with the attributes exist. If so, the anomalies may be used to determine whether they are indicative of an imminent or current network event or condition. In response to a determination that the one or more anomalies are indicative of the event or condition, a second network channel may be selected for the data communication between the two or more host systems.

Abstract: Provided herein are systems and methods for implementing a more secure network client device in connection with the dynamic host configuration protocol (DHCP). Incoming DHCP Offer packets containing configuration information are temporarily collected. Once all incoming Offers are judged to have been received, offers are scored and a winning offer is selected. The winning offer is used to configure the device's network stack.

Abstract: Methods and systems for protecting a computing device to ensure network security are provided. In particular, one or more blacklists may be maintained by an Intrusion Protection System (IPS) for a computing device. Such blacklists may include information such as network addresses of suspected or confirmed rogue entities that pose threat to the security of the computing device. In an embodiment, the blacklists are dynamically updated (e.g., purged) when a network-related change is detected indicating, for example, that the computing device is moving from one network location to another. In some embodiments, one or more blacklists may each correspond to a communication channel, application, process or the like. In some embodiments, only selected blacklists are updated, such as those that are rendered stale or inapplicable by the detected network changes.

Abstract: Systems and methods are provided for protecting a defense with a self defending intrusion system. Data packets may be monitored to detect a pattern of activity indicating a potential attack. Upon detection of a threat, a countermeasure or progressive degradation of network services may be initiated on a selected basis so controllable reduce performance of data communication of the device.

Abstract: A method of preventing unauthorized user access to a computer network has been developed. The method includes receiving a domain name server resolution request at the computer network from a requesting user. Next a reply to the requesting user is generated with a domain name server resolution and internet protocol address of a target device within the computer network. The reply is inspected with a network security device, where the network security device does not have an assigned internet protocol address so that it remains undetected by the requesting user. The network security device then monitors data traffic to the computer network to detect a reply from the requesting user. Once detected, the reply to the internet protocol address is intercepted with the network security device. Finally, the network security device verifies that the requesting user is authorized to access the computer network with the network security device.

Abstract: An intelligent firewall that prevents unauthorized access to a system has been developed. The fire wall does not use a communication address. It receives a data packet and analyzes it to determine its final disposition. Finally, the firewall handles the data packet according to its final disposition.

Abstract: An intelligent firewall that prevents unauthorized access to a system has been developed. The fire wall does not use a communication address. It receives a data packet and analyzes it to determine its final disposition. Finally, the firewall handles the data packet according to its final disposition.

Abstract: An intelligent firewall that prevents unauthorized access to a system has been developed. The fire wall does not use a communication address. It receives a data packet and analyzes it to determine its final disposition. Finally, the firewall handles the data packet according to its final disposition.

Abstract: A method of processing data traffic at a firewall has been developed. The method prevents unauthorized access to a computer system by first receiving a SYN request for access to a destination in the system at a firewall. Upon receipt of a SYN request, the firewall sends a reply with an SYN/ACK message with changed packet information within the SYN/ACK message. The firewall receives an ACK message in reply to the SYN/ACK message. After the ACK message is authenticated by the firewall, the SYN request is recreated and forwarded to the destination in the system.

Abstract: A method of remotely managing a firewall has been developed. The method includes receiving a control data packet at the firewall from a remote location. Next, the control data packet is analyzed to determine if the control data packet is authorized to access the firewall. Finally, an authorized control data packet is allowed to control the firewall.

Abstract: An undetectable firewall for network protection has been developed. The invention includes a method of preventing unauthorized access to a computer system. The firewall receives a data packet and copies its contents exactly. Next, the firewall analyzes the data packet and determines if it is authorized to access the network. If the packet is authorized to access the network, it is sent on to its destination. If the packet is unauthorized to access the network, it is dropped by the firewall.