Patents by Inventor Gerhard Eschelbeck

Gerhard Eschelbeck has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 6826698
    Abstract: A system, method and computer program product are provided for affording network security features. A plurality of network objects are identified. Rule sets associated with one or more of the identified network objects are retrieved. Each rule set includes a plurality of policy rules that govern actions relating to the identified network objects. Overlapping policy rules of the rule sets are reconciled amongst the network objects. The reconciled rule sets are executed. A computer program product and a method are also provided for establishing network security. A plurality of network objects of a network and a plurality of rule sets are provided. The network objects are associated with the rule sets. The rule sets include a plurality of policy rules that govern actions relating to the identified network objects during operation of the network.
    Type: Grant
    Filed: September 15, 2000
    Date of Patent: November 30, 2004
    Assignee: Networks Associates Technology, Inc.
    Inventors: Ilya Minkin, Igor V. Balabine, Gerhard Eschelbeck
  • Patent number: 6687833
    Abstract: A system and method for providing a network host decoy on a virtual host using a pseudo implementation of a network protocol stack are described. A hierarchical network protocol stack is functionally defined and includes a plurality of communicatively interfaced protocol layers. A request frame originating from a remote host is received. The request frame includes a plurality of recursively encapsulated data segments which each correspond to a successive protocol layer in the network protocol stack. At each protocol layer, processing a header associated with the encapsulated data segment demultiplexes each encapsulated data segment in the request frame. Any requested network service is performed and any recursively encapsulated portion is forwarded to the next successive protocol layer. A plurality of pseudo data segments corresponding to each of the protocol layers in the network protocol stack is formed. Each pseudo data segment includes a header and data portion.
    Type: Grant
    Filed: September 24, 1999
    Date of Patent: February 3, 2004
    Assignee: Networks Associates, Inc.
    Inventors: Anthony Charles Osborne, Bruce Robert Leidl, Gerhard Eschelbeck, Andrea Emilio Villa
  • Patent number: 6611869
    Abstract: A system and a method for providing trustworthy network security concern communication in an active security management environment are described. A digital certificate including a validated server identifier for a server system is stored on a client system. A digital certificate including a validated client identifier for the client system is stored on the server system. A communications session between the client system and the server system is established. The communications session includes a secure socket connection authenticating each of the client system and the server system using the stored client digital certificate and the stored server digital certificate. A certogram is generated upon the occurrence of a network security concern on the client system. The certogram encloses a notification of the network security concern occurrence and a suggested action responsive thereto within the certogram. The certogram is processed on the server system.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: August 26, 2003
    Assignee: Networks Associates, Inc.
    Inventors: Gerhard Eschelbeck, Andrea Villa
  • Patent number: 6567808
    Abstract: A system and process for brokering a plurality of security applications using a centralized broker in a distributed computing environment is described. A centralized broker is executed on a designated system within the distributed computing environment. A set of snap-in components are provided with each performing a common management task sharable by a plurality of security applications. A console interface is exposed from the centralized broker. The console interface implements a plurality of browser methods which each define a browser function which can be invoked by each snap-in component. A set of snap-in interfaces are exposed from each snap-in component. Each snap-in interface implements a plurality of service methods which each define a user-interface function which can be invoked by the centralized broker. One or more security applications are brokered through the centralized broker. Each security application is interfaced to the centralized broker through the snap-in components.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: May 20, 2003
    Assignee: Networks Associates, Inc.
    Inventors: Gerhard Eschelbeck, Andreas Schlemmer, Peter Blaimschein
  • Patent number: 6553377
    Abstract: A system and a process for maintaining a plurality of remote security applications using a centralized broker in a distributed computing environment are described. A centralized broker is executed on a designated system within the distributed computing environment. A console interface from the centralized broker is exposed. The console interface implements a plurality of browser methods which each define a browser function which can be invoked by a plurality of snap-in components. A namespace snap-in component is defined and includes a logical grouping identifying at least one remote security application being executed on a remote system within the distributed computing environment. A namespace interface from the namespace snap-in component is exposed. The namespace interface implements a plurality of namespace methods each defining a storage function which can be invoked by the centralized broker. A repository including a plurality of storages corresponding to each remote system is formed.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: April 22, 2003
    Assignee: Network Associates, Inc.
    Inventors: Gerhard Eschelbeck, Thomas Steiner, Mayr Johannes
  • Patent number: 6553378
    Abstract: A system and a process for reporting network events using hierarchically-structured event databases in a distributed computing environment are disclosed. A centralized broker is executed on a designated system within the distributed computing environment. At least one security application is provided as a plug-in component on a client system interfaced remotely to the centralized broker. A local event database is maintained on the client system. The local event database includes a set of entries in which network events generated by the at least one security application are transitorily stored. Network events forwarded from the local event database are received via a communications server service. The communications server service exposes a set of communication interfaces implementing a plurality of event methods. Each communication interface defines an event management function which can be invoked by the centralized broker.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: April 22, 2003
    Assignee: Network Associates, Inc.
    Inventor: Gerhard Eschelbeck
  • Patent number: 6550012
    Abstract: System and methodology providing automated or “proactive” network security (“active” firewall) are described. The system implements methodology for verifying or authenticating communications, especially between network security components thereby allowing those components to share information. In one embodiment, a system implementing an active firewall is provided which includes methodology for verifying or authenticating communications between network components (e.g., sensor(s), arbiter, and actor(s)), using cryptographic keys or digital certificates. Certificates may be used to digitally sign a message or file and, in a complementary manner, to verify a digital signature. At the outset, particular software components that may participate in authenticated communication are specified, including creating a digital certificate for each such software component.
    Type: Grant
    Filed: June 8, 1999
    Date of Patent: April 15, 2003
    Assignee: Network Associates, Inc.
    Inventors: Emilio Villa, Adrian Zidaritz, Michael David Varga, Gerhard Eschelbeck, Michael Kevin Jones, Mark James McArdle