Abstract: Automatically finding and using network services. An extensible framework is defined which allows any network service, new or old, to be defined. A base schema is defined that defines existing network services, and extension schemes may also be defined which are specific to new network services. A vendor can define the schemas in XML, as well as using software plug-ins and configuration data. The information is stored on a network provider's server. Clients can browse the network providers server for available services. Any available services can be accepted. When this happens, a form is provided to the client; the client fills out the form; and returns it. The information on the form is associated with the XML schemas and used to select and automatically configure the network service.

Abstract: A method and system are disclosed. The method includes receiving a first request from a user at a dispatcher that corresponds to a first transaction. The method further includes creating at the dispatcher a unique identifier that is associated with the user. The unique identifier is based on data that is received from the user. A server is then assigned to the first request by adding an entry to a mapping table that is maintained by the dispatcher. The unique identifier is then associated with the assigned server.

Abstract: A method, apparatus and system for extending wireless network coverage is generally presented. In this regard, an extender agent is introduced to determine whether a wireless communication(s) was intended for a client(s) on an extended coverage network serviced by a client receiving the communication.

Abstract: An intermediate layer referred to as InfiniSock that enables socket-based, legacy applications to access an InfiniBand® fabric, while also enabling new applications designed to take advantage of the InfiniBand® Architecture to function within a socket API environment. The InfiniSock layer supports the traditional AF_INET address family and also includes a novel address family referred to as AF_IB to support the InfiniBand® Architecture.

Abstract: A routing architecture comprising at least one or more switches for packet switching and a controller for controlling the switches is proposed. A packet is received by the controller through the switch as if the switch is located in the controller.

Abstract: A method, apparatus and system for detection of and reaction to rogue access points is generally presented. In this regard, a security agent is introduced to compare at least a subset of information received from a wired network device with information previously stored to determine if a rogue access point is present.

Abstract: A traffic pattern of data packets that originate at a traffic source and are transmitted through one of multiple ports is monitored. A parameter value characterizing fluctuations a in a transmission rate of data through the port relative to a transmission rate for the monitored traffic pattern is generated, and data packets from the traffic source are allocated to at least one other port for transmission based on the first parameter value.

Abstract: A system and method for restricting access to a wireless local area network by a client based on the location of such client, such that access is denied or withdrawn to a client who is outside of such permitted area.

Abstract: Methods, machines, and systems manage security policies of heterogeneous infrastructure and computing devices of a network. Security policy repository houses security policies that are pushed over the network by a policy decision point PDP to appropriate security-enabled devices (policy enforcement points (PEPs)) for enforcement. Using a closed feedback loop, a policy feedback point (PFP) collects and processes data from intrusions, alerts, violations, and other abnormal behaviors from a variety of PEPs or logs produced from PEPs. This data is sent as feedback to the policy repository. The PDP detects the data and analyzes it to determine if policy updates (which can be dynamic and automatic) need to be adaptively made and dynamically pushed to PEPs. The PDP can also send console messages or alerts to consoles or administrators.

Abstract: A dynamic, multi-tier intrusion detection system for a computer network. The multi-tier intrusion detection system includes a global intrusion detection (GID) agent. A number of network intrusion detection (NID) agents may each be coupled with the GID agent, each NID agent being associated with a network. One or more local intrusion detection (LID) agents are coupled with each NID agent.

Abstract: The present disclosure relates to the survivability of a network system and, more particularly, to a multi-tiered network intrusion detection and response system.

Abstract: The invention is a system to secure data. The data security system includes data, a data security system enforcer, a local policy database, and a centralized policy manager. When a block level file access request is received, the data security system enforcer checks the local policy database to see if the file access request is authorized. If the file access request is authorized, then the file access request is performed. Intrusions may be determined based on the type and number of unauthorized file access requests. Forensic analysis may be performed on a database logging file access requests (both authorized and unauthorized).

Abstract: The invention is a system and method for applying a uniform network security policy. The security policy is described using a computer-readable file. The computer-readable file may be filtered and/or translated into other files that may be used as inputs to security devices. An example of one such security device is a remote system security controller, which is responsible for ensuring that remote devices outside the corporate network enforce the corporate security policy. In addition, the system is capable of updating the security policy of all network components based on feedback received from one or more devices.

Abstract: A method and system are disclosed for providing an environment allowing agents to function on a set of devices having resources, the environment providing services allowing agents access to resources. Each agent has an associated permission list indicating which services the agent may access. Each agent may move from an environment on one device on a network to an environment on another device.

Abstract: Methods and apparatus implementing systems and techniques for providing application-based network quality of service (QoS). QoS may be provided in a connectionless packet-switched network using QoS system components placed in the network stacks of end nodes in the network. In general, in one implementation, a technique includes: examining a set of instructions embodying an invoked application to identify the invoked application, obtaining a quality-of-service policy corresponding to the identified application, and managing network communications generated by the invoked application, using the quality-of-service policy to provide a specified network quality of service to the invoked application.

Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.

Abstract: Network intrusion detection accurately identifies and takes into consideration currently running network applications by examining machine instructions embodying those applications. Intrusion detection using application-specific intrusion criteria (e.g., normal communication behavior tracking criteria and/or intrusion signatures) allows application-specific responses to intrusions. Dynamic loading and checking for intrusion signatures may be performed by intrusion detection components that run in the same context as the running application being monitored. A central security authority may provide a repository for, and maintain, up to the minute intrusion signatures for networked machines. Application communications may be tracked to identify abnormal application behavior, and a network security administrator may be notified that a particular application may be making the network vulnerable to intrusion.

Abstract: Techniques for operating a network by using a first database with topological information of linked devices and a second database with topological information, software resources, and available hardware resources of certain programmable devices to adapt to changes of the network.

Abstract: An intermediate layer referred to as InfiniSock that enables socket-based, legacy applications to access an InfiniBand® fabric, while also enabling new applications designed to take advantage of the InfiniBand® Architecture to function within a socket API environment. The InfiniSock layer supports the traditional AF_INET address family and also includes a novel address family referred to as AF_IB to support the InfiniBand® Architecture.

Abstract: A server hosting system including a server cluster and a plurality of dispatchers, the plurality of dispatchers providing multiple points of entry into the server cluster. The server cluster and plurality of dispatchers are interconnected by a network, such as a system area network. Each of the dispatchers maintains a local dispatch table, and the local dispatch tables of the plurality of dispatchers, respectively, share data over the network.