Abstract: At least one anomaly associated with at least one actual hardware element in a computer system having a plurality of hardware elements is addressed. The anomaly is detected, and, responsive to the detection, a virtualization layer is inserted between (i) an operating system of the computer system, and (ii) the plurality of hardware elements. Hardware emulation and/or selective hardware activation/deactivation are performed on the at least one actual hardware element by the virtualization layer. The insertion of the virtualization layer is accomplished in an on-the-fly manner.

Abstract: A first virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least first and second hardware devices of the computer system. Data is communicated between the first hardware device and the second hardware device, via the first virtualization layer, without exposing the data to the operating system.

Abstract: Methods and apparatus are provided for managing an IP network interconnecting a plurality of network hosts (2). Status information, indicative of status of a host, is automatically acquired from each host (2). The status information, such as MAC address, security and/or operational information, acquired from a host (2) is automatically recorded in at least one DNS record, associated with the IP address of that host (2), of a DNS server (4). The host status information in the DNS records can then be accessed for network management operations. The automatic acquisition and recording of the status information may be performed by a DHCP server (3) of the network on allocation of dynamic IP addresses to hosts (2).

Abstract: The invention relates to a method for operating virtual networks.

Abstract: A first virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least first and second hardware devices of the computer system. Data is communicated between the first hardware device and the second hardware device, via the first virtualization layer, without exposing the data to the operating system.

Abstract: A specification of a set of objects associated with at least one virtual world is obtained. The objects are laid out in a three-dimensional virtual representation. An on-the-fly virtual place is created in the virtual world, based on the layout.

Abstract: At least one anomaly associated with at least one actual hardware element in a computer system having a plurality of hardware elements is addressed. The anomaly is detected, and, responsive to the detection, a virtualization layer is inserted between (i) an operating system of the computer system, and (ii) the plurality of hardware elements. Hardware emulation and/or selective hardware activation/deactivation are performed on the at least one actual hardware element by the virtualization layer. The insertion of the virtualization layer is accomplished in an on-the-fly manner.

Abstract: A method and apparatus for facilitating reduction in successful attacks on a monitored data processing system, such as a host computer. An intrusion detection system comprises a host or application based sensor for detecting code based intrusions with a relatively low false-positive rate. Malicious code strings related to a detected intrusion are identified, extracted and forwarded to a pattern filter located in the monitored data processing system to prevent further intrusions using said malicious code strings. The malicious code strings may be forwarded to a response server for assembling sets of similar malicious code strings for which signatures are generated to permit identification of all malicious code strings contained in a set. The generated signatures are then distributed to monitored and/or monitoring systems of a protected network to prevent further intrusions using the malicious code strings and variations thereof.

Abstract: Methods and apparatus are provided for managing an IP network interconnecting a plurality of network hosts (2). Status information, indicative of status of a host, is automatically acquired from each host (2). The status information, such as MAC address, security and/or operational information, acquired from a host (2) is automatically recorded in at least one DNS record, associated with the IP address of that host (2), of a DNS server (4). The host status information in the DNS records can then be accessed for network management operations. The automatic acquisition and recording of the status information may be performed by a DHCP server (3) of the network on allocation of dynamic IP addresses to hosts (2).

Abstract: A method and apparatus are provided for detecting peer-to-peer communication on a data communication network, between an internal client machine within an internal address space and an external client machine. The method includes routing all messages addressed to internal client machines to an analysis device. The analysis device identifies messages pertaining to peer-to-peer communication and identifies the internal client machine to which the messages of a specified nature were addressed. The analysis device terminates the connection with the external client machine if the establishing of the peer-to-peer communication is in violation of a pre-determined internal network rule.

Abstract: The invention relates to a method for operating virtual networks.

Abstract: A method and apparatus for facilitating reduction in successful attacks on a monitored data processing system, such as a host computer. An intrusion detection system comprises a host or application based sensor for detecting code based intrusions with a relatively low false-positive rate. Malicious code strings related to a detected intrusion are identified, extracted and forwarded to a pattern filter located in the monitored data processing system to prevent further intrusions using said malicious code strings. The malicious code strings may be forwarded to a response server for assembling sets of similar malicious code strings for which signatures are generated to permit identification of all malicious code strings contained in a set. The generated signatures are then distributed to monitored and/or monitoring systems of a protected network to prevent further intrusions using the malicious code strings and variations thereof.