Abstract: A security agent extends the trust barrier, or trust point, from network gateway nodes to end user devices. A security agent operable to scrutinize network traffic executes on the user device and compares QoS marking attempts with the established QoS marking policy in effect. The security agent examines network traffic attributes deterministic of connection attempts by user processes. Attempts to apply inappropriate or disallowed QoS markings, as dictated by the QoS marking policy, are detected and disallowed. Therefore, only user connections consistent with the QoS marking policy are permitted into the network. Network admission control (NAC) mechanisms ensure that the security agent is the only access point from the user device to the secure network, and the security agent communicates the establishment of the trusted access point to the network gateway, thus ensuring that the network gateway may trust service level designations emanating from the user device executing the security agent.

Abstract: A trace detector prevents network mapping and tracing by detecting an initial packet containing an initial time to live value that meets a first predetermined threshold range. The trace detector identifies a source address of the initial packet and adjusts a threshold time to live range for detection of at least one subsequent trace route or response packet associated with the source address of the initial packet. In response to detecting the subsequent packet(s), the trace detector processes the subsequent packet(s) associated with the source address of the initial packet according to a security policy to prevent a trace process originating the initial packet from tracing a network using the at least one subsequent packet.