Patents by Inventor Charles Lingafelt

Charles Lingafelt has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20140380491
    Abstract: A method includes a computer detecting an element from a data flow for at least one endpoint device; the computer using the detected element and a protection engine to assess security requirements for the flow of data for the at least one endpoint device; and the computer causing the protection engine to issue additional security controls for the at least one endpoint device.
    Type: Application
    Filed: June 24, 2013
    Publication date: December 25, 2014
    Inventors: Tamer E. Abuelsaad, Steven Charles Lingafelt
  • Publication number: 20080077989
    Abstract: A method of operating an intrusion detection system. The system determines occurrence of a signature event indicative of a denial of service intrusion on a protected device. A value of a signature event counter is increased. The value of the signature event counter is adjusted to not include a count of signature events past a sliding window. The value of the signature event counter is determined to exceed a signature threshold quantity, followed by generation of an alert at a time subsequently recorded in a log. The log is cleared of entries past a permissible age. A present alert generation rate is determined as a ratio of the total number of timestamps in the log to the permissible age. The present alert generation rate is ascertained to exceed an alert generation rate threshold. A selected element of the signature set is altered to decrease the alert generation rate.
    Type: Application
    Filed: August 20, 2007
    Publication date: March 27, 2008
    Inventors: Jeffrey Bardsley, Ashley Brock, Nathaniel Kim, Charles Lingafelt
  • Publication number: 20080046211
    Abstract: In general, the present invention provides a method and system for calibrating an electrical device that utilizes a data networking protocol (e.g., 802.1X) over a power delivery network. Specifically, the present invention leverages information gathered and stored during the authentication and operation of the electrical device to determine whether the electrical device should be calibrated. In general, the present invention makes this determination based on time elapsed since a previous calibration and/or cumulative usage of the device.
    Type: Application
    Filed: September 12, 2007
    Publication date: February 21, 2008
    Inventors: Nathaniel Kim, Charles Lingafelt
  • Publication number: 20070245421
    Abstract: Method and apparatus for protecting a data processing system such as an Internet server from attack by a vandal who uses an offensive vulnerability scanner to find an externally visible vulnerability of the data processing system. The method includes determining an externally visible vulnerability using a defensive vulnerability scanner, configuring an intrusion detection system to detect a network flow associated with the vulnerability, and blocking that flow by a firewall or a router. The apparatus includes a defensive vulnerability scanner that finds an externally visible vulnerability and provides a description of the vulnerability, an intrusion detection system that detects a network flow that satisfies the description, and a firewall or a router that blocks the flow responsive to detection of the flow by the intrusion detection system.
    Type: Application
    Filed: June 6, 2007
    Publication date: October 18, 2007
    Inventors: Charles Lingafelt, Nigel Yell
  • Publication number: 20070230507
    Abstract: A system and method in which network packets sharing a common destination are bundled into one or more larger packets. In one embodiment, an originating server, gateway, or other network device recognizes the presence of multiple, small IP packets having a common IP address. The network device according to the present invention is configured to concatenate or bundle two or more such small packets. The bundled packet as a whole is then given a new header, the bundle header, that includes the network destination address and information that informs the receiving protocol processing device that the packet is a bundled packet. The receiving device can then strip off the bundle header and process the component packets individually according to an existing protocol.
    Type: Application
    Filed: June 12, 2007
    Publication date: October 4, 2007
    Inventors: Charles Lingafelt, Phuong Nguyen
  • Publication number: 20070198647
    Abstract: System, method and program product for managing a chat session. A server maintains an identity and list of member(s) of a group that can be added to a chat session, and a list of people authorized to request that the group of member(s) be added to the chat session. A person in a chat session at a workstation makes a request to add the group of member(s) to the chat session. In response, the workstation sends the request to the server. In response to the request, the server determines if the person is authorized to add the group to the chat session. If so, the server sends an invitation to the member(s) to join the chat session. If not, the server does not send an invitation to the member(s) to join the chat session. To make the request to add the group to the chat session, the person can enter in a chat session text field a character string that is a command to add the group to the chat session.
    Type: Application
    Filed: February 23, 2006
    Publication date: August 23, 2007
    Applicant: International Business Machines Corporation
    Inventors: Charles Lingafelt, David Merrill, John Moore
  • Publication number: 20070157308
    Abstract: An authenticator is configured with intelligence for the purpose of providing a “failsafe” mode for port-based authentication (802.1x). This failsafe mode enables end users to access a network when communication between the authenticator and the authentication server has temporarily failed, but keeps security measures in place so that unauthorized users cannot gain network access. An 802.1x access control point (e.g., a switch) is enabled to continue to authenticate certain users onto the network during periods of temporary communication failure with the authentication server, by locally storing alternative authentication information limited to historical authentication information of clients that have previously accessed the network via the authentication server. Subsequent revalidation of specific users using the primary authentication information follows restoration of communication with the authentication server.
    Type: Application
    Filed: January 3, 2006
    Publication date: July 5, 2007
    Inventors: Jeffrey Bardsley, Nathaniel Kim, Charles Lingafelt, Allen Roginsky
  • Publication number: 20070038866
    Abstract: Method, system, and program product for port based authentication protocols where addresses are dynamically assigned within a network environment, and more particularly to port based authentication in the network environment, where connection information is captured and stored. This facilitates administrator access to information created as a result of protocol exchanges involved in dynamic address assignment, authentication, and connection.
    Type: Application
    Filed: August 9, 2005
    Publication date: February 15, 2007
    Inventors: Jeffrey Bardsley, Nathaniel Kim, Charles Lingafelt, Allen Roginsky, Norman Strole
  • Publication number: 20070016456
    Abstract: System, method and program product for reporting status of a process. A flow chart illustrates steps of the process and an order for performance of the steps. Then, a determination is made whether any of the steps has been performed. In response to a determination that any of the steps has been performed, graphically representing on the flow chart that the step has been performed. The graphical representation can be color-coding of the step. The determination that a step has been performed can be made based on user input that the step has been performed, or automatically by a program checking a record indicating that the step has been performed. Also, a program can automatically determine that a deadline for performing one of the steps has passed without performance of the one step. In response, the program initiates a graphical representation on the one step in the flowchart that the deadline has passed without performance of the one step.
    Type: Application
    Filed: July 12, 2005
    Publication date: January 18, 2007
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kevin Himberger, Clark Jeffries, Allen Roginsky, Charles Lingafelt, Phillip Singleton
  • Publication number: 20060206593
    Abstract: Method, system, and product for remotely communicating with and identifying owners of objects on an IP network by providing a database identifying owners of objects on an IP network, discovery scanning the IP network for logical objects, sending a message to an unlisted logical object requesting a registration action of the recipient, receiving the registration action indicating an owner of the logical object, and updating the database with the received indication of the owner of the object. The method, system, or product may be embodied in a software application (such as an operating system element), a dedicated processor, or a dedicated processor with dedicated code.
    Type: Application
    Filed: March 8, 2005
    Publication date: September 14, 2006
    Applicant: International Business Machines Corporation
    Inventors: Charles Lingafelt, Ashley Brock, Scott Creeley, Charles Jolla, Mark Techmeier, Ronald Walter
  • Publication number: 20060156408
    Abstract: A method, apparatus, and computer instructions for providing a current and complete security compliance view of an enterprise system. The present invention provides the ability to gain a real-time security posture and security compliance view of an enterprise and to assess the risk impact of known threats and attacks to continued business operations at various levels. Responsive to a change to an enterprise environment, a request, or an external threat, an administrator loads or updates at least one of a Critical Application Operations database, a Historical database, an Access Control database, a Connectivity database, and a Threat database. Based on a comparison of information in the databases against similar security data elements from company or external policies, the administrator may generate a Security Compliance view of the enterprise. A Security Posture view may also be generated by comparing the Security Compliance view against data in the Threat database.
    Type: Application
    Filed: January 11, 2005
    Publication date: July 13, 2006
    Applicant: International Business Machines Corporation
    Inventors: Kevin Himberger, Clark Jeffries, Charles Lingafelt, Allen Roginsky, Phillip Singleton
  • Publication number: 20060048218
    Abstract: A system and method for an end user to change the operation of a data flow filter mechanism, such as a firewall, that operates to control data flows between a plurality of protected computing devices and one or more non-protected computing devices. With the system and method, an administrator of a sub-network of computing devices may set a client computing device's scope of rules/policies that may be changed by a user of the client computing device, with regard to a data flow filter mechanism. The user of the client computing device, or the client computing device itself, may then log onto the data flow filter mechanism and modify the operation of the data flow filter mechanism within the limits established by the administrator.
    Type: Application
    Filed: September 2, 2004
    Publication date: March 2, 2006
    Applicant: International Business Machines Corporation
    Inventors: Charles Lingafelt, Phuong Nguyen, Chien Vu
  • Publication number: 20060041504
    Abstract: Under the present invention, a credit account can be associated with a locational restriction and a corresponding monetary restriction. The locational restriction sets forth a specific merchant or type of merchant at which a credit account can be used. The monetary restriction sets forth a maximum monetary amount that can be charged to that account by the specified merchant or type of merchant. When a request to approve a purchase using the credit account is received from a merchant, it will be determined whether the locational and monetary restrictions are met. If so, the request is approved. However, if either restriction is not met, the request will be denied.
    Type: Application
    Filed: August 17, 2004
    Publication date: February 23, 2006
    Applicant: International Business Machines Corporation
    Inventors: Richard Howard, Charles Lingafelt, William Shembeda
  • Publication number: 20050223056
    Abstract: A method and system for controlling a plurality of pipes in a computer system including at least one central system is disclosed. The pipes provide traffic from a plurality of distributed systems. The method and system include providing a first plurality of data packets from a pipe of the plurality of pipes to a fast path or a slow path during a time interval such that none of the first plurality of data packets is dropped. The first plurality of data packets arrive in a time interval. The fast path includes a fast storage, while the slow path includes a bulk storage. The method and system also include providing a second plurality of data packets from the fast storage or the bulk storage to the central system in a first in first out order during the time interval.
    Type: Application
    Filed: March 31, 2004
    Publication date: October 6, 2005
    Applicant: International Business Machines Corporation
    Inventors: Clark Jeffries, Charles Lingafelt, Norman Strole