Abstract: Information is automatically located which is relevant to source content that a user is viewing on a user interface without requiring the user to perform an additional search or navigate links of the source content. The source content can be, e.g., a web page or a document from a word processing or email application. The relevant information can include images, videos, web pages, maps or other location-based information, people-based information and special services which aggregate different types of information. Related content is located by analyzing textual content, user behavior and connectivity relative to the source. The related content is scored for similarity to the source. Content which is sufficiently similar but not too similar is selected. Similar related content is grouped to select representative results. The selected content is filtering in multiple stages based on attribute priorities to avoid unnecessary processing of content which is filtered out an early stage.

Abstract: A method of presenting information on a display monitor within a computing environment includes accessing a website containing a related collection of electronic pages, crawling the website to obtain raw image data for at least some of each of the pages, porting the raw image data into a template so that each of the crawled pages is converted into a corresponding information panel containing a mapping of the content of its respective corresponding page, and displaying each of the information panels on a respective display monitor so all of the panels are viewable to a user in a single screen shot. Related methods, apparatus, and systems are further provided.

Abstract: Technology for applying a communications traffic security policy in which a distinct communications traffic flow is segregated based upon a security value; whereby the communications traffic security policy include one or both of a detection and an enforcement policy. The detection policy may include determining whether the segregated communications traffic flow involves malware; and, the enforcement policy may include a malware policy.

Abstract: A method and system for unified diagnosis of a network incident is provided. The unified diagnostics system is comprised of a monitoring tool, a network layer including a firewall, and a policy engine. The monitoring tool is invoked by a user in order to diagnose a network incident. The network layer and the policy engine generate various events that provide a history of their processing, and the monitoring tool collects these events. When the user attempts a network activity that fails, the network layer places an event notification in a notification queue. Then the monitoring tool analyzes the event notifications to identify events that are related to the same network incident. After analyzing the network incident and event information, the user can take the necessary action to correct the problem that caused the incident.

Abstract: A service provides an image collection as a visual preview of content pages having a link in or otherwise related to a current page. A first content page is provided to a user and may have one or more links to additional content pages. Each of the related content pages may have one or more images. Selected images of the one or more content pages are provided in an image collection. The images may be positioned in rows, columns, or some other manner within the collection. The image collection is prepared dynamically from related content pages when the current page is loaded and does not require any software in the currently content page to be changed as the linked content pages change.

Abstract: A requested content page is provided with additional relevant content that is dynamically generated. A page originally requested by a browser application is generated and examined to determine key words, address information, and other information for which relevant content may be retrieved. The other information may not be part of the original page content, but it can be the relation between the content page and other pages. The relevant content is determined based on the results of the content page examination. After retrieving the relevant content, the retrieved content is embedded into the requested content page and provided to the requesting user. The retrieved relevant content may be provided with the requested content page in a designated portion within the requested content page, near related content in the page, and/or displayed in response to user input as a pop-up window or in a preview pane.

Abstract: Discovery of intermediate network devices is performed using a technique that piggybacks upon the existing standard TCP (Transport Control Protocol) “SACK” (Selective Acknowledgment) option in a SYN/ACK packet so that discovery information may be shared between pair-wise-deployed peer intermediate devices when a TCP/IP connection (Transport Control Protocol/Internet Protocol) is first established between network endpoints using a conventional three-way handshake. Use of the SACK option is combined with another technique which comprises modifying the original 16-bit value of the TCP receive window size to a special arbitrary value to mark a SYN packet as being generated by a first peer device. The marked SYN when received by the second peer device triggers that device's discovery information to be piggybacked in the SACK option of the SYN/ACK packet. The first device then piggybacks its discovery information in the SACK option of the ACK packet which completes the three-way handshake.

Abstract: Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy.

Abstract: Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filter communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system.

Abstract: A host firewall can determine and consider whether unsolicited traffic is inbound from beyond the edge of the network and allow or block such traffic based at least in part upon this characteristic. In one implementation, an edge traversal parameter can be set on a host firewall rule, which typically includes other parameters such as port, protocol, etc. If the unsolicited traffic received via an edge traversal interface matches a host firewall rule that has the edge traversal criterion, then the firewall does not block the traffic. On the other hand, if the unsolicited traffic received via an edge traversal interface fails to satisfy the edge traversal criterion on any firewall rule, then the firewall blocks the traffic.

Abstract: Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online.

Abstract: Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts.

Abstract: Computer-readable medium having a data structure stored thereon for defining a schema for expressing a network security policy. The data structure includes a first data field including data defining a parameter to be applied based on the network security policy. The network security policy defines at least one of the following: a firewall rule and a connection security rule. The data structure also includes a second data field having data specifying restrictions of the parameter included in the first data field. The parameter in the first data field and the restrictions in the second data field form the schema for expressing the network security policy to be processed. The network security policy manages communications between a computing device and at least one other computing device.

Abstract: The dynamic updating of firewall parameters is described. One exemplary embodiment includes receiving a policy rule that includes a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, receiving a firewall parameter value, and populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range, thereby updating the policy rule.

Abstract: A proxy service receives requests from a remote caller to configure a main service. The proxy service authenticates the caller and validates the request. The proxy service then passes the request along to the main service if the caller can be authenticated and if the request can be validated. The proxy service runs at a non-privileged level, but when the proxy service passes the request to the main service, the proxy service impersonates the caller so that the request to the main service is made at the original caller's level of privilege. The main service can block all inbound network traffic, since network requests to configure the main service are received by the proxy, which is a local object from the perspective of the main service. Additionally, the proxy can block inbound traffic other than a certain class of requests (e.g., Remote Procedure Calls).

Abstract: A method and system for unified diagnosis of a network incident is provided. The unified diagnostics system is comprised of a monitoring tool, a network layer including a firewall, and a policy engine. The monitoring tool is invoked by a user in order to diagnose a network incident. The network layer and the policy engine generate various events that provide a history of their processing, and the monitoring tool collects these events. When the user attempts a network activity that fails, the network layer places an event notification in a notification queue. Then the monitoring tool analyzes the event notifications to identify events that are related to the same network incident. After analyzing the network incident and event information, the user can take the necessary action to correct the problem that caused the incident.

Abstract: Technology for applying a communications traffic security policy in which a distinct communications traffic flow is segregated based upon a security value; whereby the communications traffic security policy include one or both of a detection and an enforcement policy. The detection policy may include determining whether the segregated communications traffic flow involves malware; and, the enforcement policy may include a malware policy.

Abstract: A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.

Abstract: Signatures are sought in a source text. These signatures may be defined by regular expressions, and thus may include substrings. These substrings are located by a substring locator may be implemented using a finite state machine or a trie with walkers. When a substring is located, the existence and location of the substring is reported to a signature locator. The signature locator tracks reported substrings and determines whether a signature has been found. Complex signatures are supported which may include, for example, two substrings separated by a specific number of wildcards, or by at least and/or at most a certain number of wildcards. High performance which allows real-time searching of network traffic for signatures is enabled.

Abstract: A system and a method for indicating to the subscriber of a network, which subscriber is not continually connected to the network host facility, of the existence of a reason for initiating such a connection. A computer device is connected to the host facility and adapted for generating an indication signal addressed to the subscriber. A system modem is interconnected between a telephone communication link and the computer device so as to be responsive to the indication signal for generating an outgoing call and transmitting thereof to a subscriber modem associated with the subscriber.