Abstract: A method of identifying a plurality of nodes on a network, includes receiving at at least one of the plurality of nodes on the network a query posed by a caller node determining at the at least one of the plurality of nodes on the network an answer to the query, forwarding the answer to the query from the at least one of the plurality of nodes on the network to the caller node and receiving, at the caller node, the answer to the query from the at least one of the plurality of nodes on the network and maintaining a list of nodes which responded to the query.

Abstract: A system for filtering packets includes a first router, a second router, and a packet filter. The first router encapsulates a packet and transmits the encapsulated packet to the packet filter through a first tunnel. The packet filter receives the encapsulated packet through the first tunnel and de-encapsulates the encapsulated packet. The packet filter then determines whether the de-encapsulated packet is undesirable and, in response to determining that the de-encapsulated packet is not undesirable, encapsulates the de-encapsulated packet and transmits the encapsulated-not-undesirable packet to a second router through a second tunnel. The second router receives the encapsulated-not-undesirable packet from the second tunnel and de-encapsulates the encapsulated-not-undesirable packet.

Abstract: A method for key distribution includes steps or acts of: deprecating a first key on a server; receiving a request from a client wherein the client request includes the deprecated key; verifying the client request by using the deprecated key provided in the client request to decrypt the client request; and sending a communication to the client advising that the first key has been updated. An additional step of sending instructions to the client on obtaining the updated key may also be provided. Additionally, instructions on obtaining the updated key may be sent to the client.

Abstract: The present disclosure is directed to a method and system for detecting malware using a remote server. In accordance with a particular embodiment of the present disclosure a hash value for a file is generated. The hash value is transmitted to a remote server. A notification is received from the remote server indicating whether the file comprises malware. At least one operation on the file is prevented if the notification indicates the file comprises malware.

Abstract: The present disclosure is directed to a method and system for detecting malware using a secure operating system mode. In accordance with a particular embodiment of the present disclosure a file is received. The file is stored in a secure directory. At least one operation is prevented on the file. A secure operating system mode is started to detect whether the file comprises malware.

Abstract: The present disclosure is directed to a method and system for protecting data. In accordance with a particular embodiment of the present disclosure a new file is created. A key is retrieved for the file from a keyserver. The key includes a key identifier and an encryption algorithm. The file is encrypted using the encryption algorithm. The key identifier is stored in a data repository. The data repository relates the key identifier to the encrypted file.

Abstract: The present invention includes a system and method of preventing remote installation of software on a computer. The method may include preventing installation of software when a computer is operating in a normal mode and rebooting the computer into a safe mode wherein network connections of the computer are disabled. The method may also include allowing installation of the software while the computer is in the safe mode.

Abstract: In accordance with a particular embodiment of the present invention, a method of detecting kernel level rootkits includes requesting first information from a kernel level process, the first information including first contents. The first information is received at a user level process. The method also includes compiling second information at kernel level, the second information including second contents corresponding to an expected first contents of the first information. The first contents are compared to the second contents.

Abstract: The present invention includes a system and method of monitoring software installations including detecting that an attempt is being made to install software on a client computer and halting installation of the software. The method may also include requesting permission from a master computer to install the software and allowing the installation of the software on the client computer if the master computer grants permission.

Abstract: A system and method are provided for detecting kernel level rootkits including scanning a kernel memory using a kernel level detector. The kernel level detector includes kernel level code executing in kernel space. The kernel memory is compared to at least one rootkit signature file to determine if a rootkit signature corresponding to the rootkit signature file is present in the kernel memory.

Abstract: A system and method are provided for updating software on a client computer including accessing a list of available redistribution servers in a network wherein each redistribution server includes particular software for download. A hop count is determined between a client computer and a plurality of the redistribution servers on the list of available redistribution servers, and the software is requested from a redistribution server with the lowest determined hop count.

Abstract: A method for remote management communication is provided. A bind message including a new protocol identifier is sent from a source node to a destination node. A response message is received by the source node from the destination node. The source node sends one or more additional messages to the destination node, using a protocol corresponding to the new protocol identifier, if the response message from the destination node is an acknowledgement message.

Abstract: A method and system for consolidating a computer security log includes providing a security log including information pertaining to security events on a computer system, the log including entries specifying at least information identifying a relative time each event occurred and information identifying a type of each event, determining from the log a number of times a particular type of event occurred during a specified time period and creating a consolidated log including for each entry at least information identifying a first time that the particular type of event occurred during the specified time period, information identifying the type of the particular event and information indicating a number of times the particular type of event occurred during the specified time period.

Abstract: A method for maintaining computer security includes detecting a connection failure, storing information relating to the connection failure, determining a number of connection failures and determining whether a machine is infected with malicious code based on the determined number of connection failures.

Abstract: A method for blocking the execution of prohibited files, includes requesting execution of a file to be executed, identifying the file to be executed, comparing the identified file to be executed to a list of files that are prohibited and executing the identified file to be executed when the identified file to be executed does not match a file listed in the list of files that are prohibited.

Abstract: A method for discovering computers connected to a computer network, including receiving a packet containing address information of a computer connected to the computer network that sent the packet, extracting the address information from the packet, and adding the address information to a database of discovered computers connected to the computer network.

Abstract: Methods and systems for maintaining computer security are provided. The method for maintaining security of a computer system comprises determining an initial system certainty value for the computer system, providing access to a database of signatures, each signature including a signature certainty value, receiving data, comparing the received data with the database of signatures, increasing the system certainty value if the received data does not match a signature in the database, decreasing the system certainty value if the received data matches a signature in the database and filtering the data based on the system certainty value and the signature certainty value of a signature matching the received data.

Abstract: A method for creating a reusable library, including providing one or more functions, providing a function table for the provided one or more functions, and providing a configuration structure for communicating values between the provided one or more functions and a program that calls the reusable library. The program that calls the reusable library communicates a function table structure to the reusable library containing information as to which of the one or more functions are desirable. When those of the one or more functions that are not desirable contain dependencies, those dependencies are canceled.

Abstract: A method for combating malicious programs including monitoring network traffic from one or more devices, analyzing the network traffic to determine the presence of a malicious program in the one or more devices and disabling transmission of the network traffic for those of the one or more devices determined to have the malicious program present.

Abstract: A method for detecting malicious programs within a computer network includes monitoring at least one first packet of data communicated over the network, analyzing the at least one first packet of data to detect the presence of a malicious program, generating a signature of the at least one first packet of data when a malicious program is detected, monitoring at least one second packet of data communicated over the network and detecting evidence of the malicious program in the at least one second packet of data utilizing the generated signature.