Patents by Inventor A. Shay

A. Shay has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20060149848
    Abstract: The disclosed system, apparatuses, and method can be used to relate network event data generated by different devices in a computer network in order to provide a user with a comprehensive view or report of network activity occurring on a computer network, including the computer, user, network address, and resource involved. This comprehensive view of network activity can be used to prove compliance with applicable policy, law and/or regulation restricting access to a resource such as confidential business information and/or personal information required to be protected. In addition, the comprehensive view of network activity can be used to discover vulnerabilities in the computer network, to monitor ongoing network activity, and to enforce applicable security policy, law and/or regulation to prevent access to a network resource.
    Type: Application
    Filed: December 19, 2005
    Publication date: July 6, 2006
    Applicant: Trusted Network Technologies, Inc.
    Inventor: A. Shay
  • Publication number: 20060098649
    Abstract: An embodiment of a system of the invention includes a request node, an enforcement node, and a resource node. A request node generates a packet requesting access to a resource, includes its security realm identifier in the packet header, and transmits the same to the enforcement node via a network such as the Internet. The enforcement node receives the packet and applies the security policy of the resource node based on whether or not the request node is in the same security realm as the resource node. Related apparatuses, methods, and computer-readable media are also disclosed and claimed.
    Type: Application
    Filed: November 9, 2005
    Publication date: May 11, 2006
    Applicant: Trusted Network Technologies, Inc.
    Inventor: A. Shay
  • Publication number: 20050268342
    Abstract: The disclosed system, apparatuses, methods, and computer-readable media can be used by a computer to establish the security status of another computer before establishing a network connection to it. Responsive to a request message, security state data indicating this status can be incorporated into a response message as one of the first few packets exchanged by computers to establish a network connection. This enables a computer to determine whether the other computer's security status is compliant with its security policy before establishing the network connection, reducing risk of infection by a virus, worm, or the like.
    Type: Application
    Filed: May 5, 2005
    Publication date: December 1, 2005
    Inventor: A. Shay
  • Publication number: 20050262569
    Abstract: A system of the invention comprises first and second computers. The first computer retrieves and incorporates its security state data in a message requesting a network connection with the second computer. The second computer receives the message and determines whether its security policy data permits connection with the first computer given the security state of the first computer as indicated by its security state data. The security state data can comprise data indicating whether an anti-virus application, firewall application, or operating system are running on the first computer, and are up-to-date. If so, the second computer permits the network connection to proceed. If not, then the second computer either drops the connection request or terminates the connection request by transmitting a disconnection message to the first computer. The invention also comprises related apparatuses, methods, and computer-readable media.
    Type: Application
    Filed: May 5, 2005
    Publication date: November 24, 2005
    Inventor: A. Shay
  • Publication number: 20050262570
    Abstract: A system of the invention comprises first and second computers. The first computer retrieves and incorporates its security state data in a message requesting a network connection with the second computer. The second computer receives the message and determines whether its security policy data permits connection with the first computer given the security state of the first computer as indicated by its security state data. The security state data can comprise data indicating whether an anti-virus application, firewall application, or operating system are running on the first computer, and are up-to-date. If so, the second computer permits the network connection to proceed. If not, then the second computer either drops the connection request or terminates the connection request by transmitting a disconnection message to the first computer. The invention also comprises related apparatuses, methods, and computer-readable media.
    Type: Application
    Filed: May 5, 2005
    Publication date: November 24, 2005
    Inventor: A. Shay
  • Publication number: 20050256957
    Abstract: The disclosed system, apparatuses, methods, and computer-readable media can be used by a computer to establish the security status of another computer before establishing a network connection to it. Responsive to a request message, security state data indicating this status can be incorporated into a response message as one of the first few packets exchanged by computers to establish a network connection. This enables a computer to determine whether the other computer's security status is compliant with its security policy before establishing the network connection, reducing risk of infection by a virus, worm, or the like.
    Type: Application
    Filed: May 5, 2005
    Publication date: November 17, 2005
    Inventor: A. Shay
  • Publication number: 20050257249
    Abstract: The disclosed system, apparatuses, methods, and computer-readable media can be used by a computer to establish the security status of another computer before establishing a network connection to it. Responsive to a request message, security state data indicating this status can be incorporated into a response message as one of the first few packets exchanged by computers to establish a network connection. This enables a computer to determine whether the other computer's security status is compliant with its security policy before establishing the network connection, reducing risk of infection by a virus, worm, or the like.
    Type: Application
    Filed: May 5, 2005
    Publication date: November 17, 2005
    Inventor: A. Shay
  • Publication number: 20050251854
    Abstract: A system of the invention comprises first and second computers. The first computer retrieves and incorporates its security state data in a message requesting a network connection with the second computer. The second computer receives the message and determines whether its security policy data permits connection with the first computer given the security state of the first computer as indicated by its security state data. The security state data can comprise data indicating whether an anti-virus application, firewall application, or operating system are running on the first computer, and are up-to-date. If so, the second computer permits the network connection to proceed. If not, then the second computer either drops the connection request or terminates the connection request by transmitting a disconnection message to the first computer. The invention also comprises related apparatuses, methods, and computer-readable media.
    Type: Application
    Filed: May 5, 2005
    Publication date: November 10, 2005
    Inventor: A. Shay
  • Publication number: 20050160289
    Abstract: A method, system and program for preventing intrusion in a communications network. A source node initiates a request for network services, such as session establishment, database access, or application access. Known network resources and authorized user information are stored in a database at a network portal along with access policy rules that are device and user dependent. Identification of the source node is required before the source node can construct a transformed packet header that is included with a synchronization packet before transmission to a destination node. An appliance or firewall in the communications network receives and authenticates the synchronization packet before releasing the packet to its intended destination. The authentication process includes verification of the access policy associated with the source node. Once received at the destination node, the transformed packet header is reformed by extracting a key index value.
    Type: Application
    Filed: November 18, 2002
    Publication date: July 21, 2005
    Inventor: A. Shay