Abstract: A computerized device transmits an access request to a data communications device of a network in an attempt to access network resources within the network. The data communications device, in response and in real-time, transmits a challenge request to the computerized device that directs the computerized device to retrieve configuration, or posture, credentials associated with the computerized device. A policy server receives the challenge response and, based upon a real-time analysis of the posture credentials of the computerized device, determines a security state of the computerized device and either provides some level or denies the computerized device access to the network resources based upon the analysis of posture.

Abstract: Mitigating threats in a network includes receiving a message at a network device. The message includes device-independent parameters generated in response to a threat. The network device converts the parameters into one or more device-specific operations and then performs the operations to mitigate the threat.

Abstract: Mitigating threats in a network includes receiving a message at a network device. The message includes device-independent parameters generated in response to a threat. The network device converts the parameters into one or more device-specific operations and then performs the operations to mitigate the threat.

Abstract: A system allows a device to communicate using a virtual network the method by assigning a network address to the device. The network address is selected from a plurality of network addresses that can be assigned to any of a plurality of virtual networks. The system receives a request to authenticate the device, and then determines a virtual network on which to assign the device. The virtual network is selected from the plurality of virtual networks. The system identifies the device as authenticated based on the assigning of the network address and the virtual network.

Abstract: The present invention provides a technique for securely implementing port-based authentication on a shared media port in an intermediate node, such as a router. To that end, the invention provides enhanced port-based network access control that includes client-based control at the shared media port. Unlike previous implementations, the port does not permit multiple client nodes to access a trusted subnetwork as soon as a user at any one of those nodes is authenticated by the subnetwork. Instead, port-based authentication is performed for every client node that attempts to access the trusted subnetwork through the shared media port. As such, access to the trusted subnetwork is not compromised by unauthenticated client nodes that “piggy-back” over the shared media port after a user at another client node has been authenticated by the trusted subnetwork.