Abstract: Disclosed is a method and system for network access control, including an authentication proxy that authenticates different access-points, retrieves data from security databases and from Network Monitoring Systems, processing said data according to a dynamic security policy and using said processing outcome to determine the access level which will be granted to an access point in the network.

Abstract: Disclosed is a method and system for network access control, including an authentication proxy that authenticates different access-points, retrieves data from security databases and from Network Monitoring Systems, processing said data according to a dynamic security policy and using said processing outcome to determine the access level which will be granted to an access point in the network.

Abstract: Disclosed is a method and system for network access control, including an authentication proxy that authenticates different access-points, retrieves data from security databases and from Network Monitoring Systems, processing said data according to a dynamic security policy and using said processing outcome to determine the access level which will be granted to an access point in the network.

Abstract: Disclosed is a method and system for network access control, including an authentication proxy that authenticates different access-points, retrieves data from security databases and from Network Monitoring System, processing said data according to a dynamic security policy and using said processing outcome to determine the access level which will be granted to an access point in the network.

Abstract: A reconnaissance detector for protecting a network from attack by detecting attempts by one or more inquirers preparing for a network attack to collect information from network resources designated in queries by the inquirers, the reconnaissance detector including: (a) a computer operationally connected to an entry point of the network operative to monitor the queries and responses to the queries from the designated network resources; (b) a network resource data storage operative to store addresses of the designated network resources and respective resource weights of the designated network resources, the resource weights being calculated based on the responses; and (c) an inquirer data storage operative to store addresses of the inquirers and respective inquirer weights, wherein each of the inquirer weights is calculated by accumulating the resource weights designated by each of the inquirers.

Abstract: A method and a system for providing security to a network by at least identifying an unauthorized user who is attempting to gain access to a node on the network, and preferably by then actively blocking that unauthorized user from further activities. Detection is facilitated by the unauthorized user providing a “mark”, or specially crafted false data, which the unauthorized user gathers during the information collection stage performed before an attack. The mark is designed such that any attempt by the unauthorized user to use such false data results in the immediate identification of the unauthorized user as hostile, and indicates that an intrusion of the network is being attempted. Preferably, further access to the network is then blocked by diverting traffic from the unauthorized user to a secure zone, where the activities of the unauthorized user can be contained without damage to the network.