摘要:
A method of managing utilization of network intrusion detection systems in a dynamic data center is provided. A plurality of network intrusion detection systems are provided, each being networked so that utilization of each network intrusion detection system can be based on demand for the network intrusion detection systems in the dynamic data center. A monitoring policy and a plurality of monitoring points to be monitored on a network with any of the network intrusion detection systems are received. Further, the monitoring of the monitoring points is automatically arranged using the network intrusion detection systems and the monitoring policy.
摘要:
Methods and systems for establishing a consistent password policy. A plurality of password policies is described in a computer usable password policy data structure. The computer usable password policy data structure is accessed by a password policy enforcement agent. Optionally, the computer usable password policy data structure is validated for authenticity by the password policy enforcement agent. Optionally, the password policy enforcement agent can report back to a centralized configuration and aggregation point repository in order to provide a consistent view of policy enforcement.
摘要:
Embodiments of the invention provide a method and an apparatus for detecting and responding to email based propagation of malicious software (malware) in a trusted network. One embodiment provides a detector decoy email account to serve as generic bait for malicious software for a domain within the trusted network. In addition, at least one email account for the domain within the trusted network is provided as a detector probe account. In so doing, when the detector decoy email account receives an email from the detector probe account within the trusted network a policy based infection response rule is generated.
摘要:
Embodiments of the invention provide a method and an apparatus for automatic, secure, and confidential distribution of an asymmetric key security credential in a utility computing environment. In one method embodiment, the present invention provides an asymmetric key at a management server, the asymmetric key automatically associated with a logical device identifier of a provisionable resource. Additionally, an isolated virtual network is established between the management server and the provisionable resource for providing the asymmetric key to the provisionable resource. Then, after the asymmetric key is provided to the provisionable resource the isolated virtual network between the management server and the provisionable resource is dissolved.
摘要:
Embodiments of the present invention pertain to a method and an apparatus are described. In one embodiment, an initial authentication credential is associated with a management server and a node managed by the management server where the managed node can be provisioned by a dynamic provisioning system. An active authentication credential is generated. The initial authentication credential is used to create a secure communications channel between the management server and the managed node. The secure communications enables the communication of the active authentication credential between the management server and the managed node.
摘要:
Embodiments of the invention provide a method and an apparatus for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment. In one method embodiment, the present invention establishes a symmetric key at a management server, the symmetric key automatically associated with a logical device identifier of a provisionable resource. Additionally, an isolated virtual network is established between the management server and the provisionable resource for providing the symmetric key to the provisionable resource. Then, after the symmetric key is provided to the provisionable resource the isolated virtual network between the management server and the provisionable resource is dissolved.
摘要:
Methods and systems for establishing a consistent password policy. A plurality of password policies is described in a computer usable password policy data structure. The computer usable password policy data structure is accessed by a password policy enforcement agent. Optionally, the computer usable password policy data structure is validated for authenticity by the password policy enforcement agent. Optionally, the password policy enforcement agent can report back to a centralized configuration and aggregation point repository in order to provide a consistent view of policy enforcement.
摘要:
Embodiments of the invention provide a method and an apparatus for detecting and responding to email based propagation of malicious software (malware) in a trusted network. One embodiment provides a detector decoy email account to serve as generic bait for malicious software for a domain within the trusted network. In addition, at least one email account for the domain within the trusted network is provided as a detector probe account. In so doing, when the detector decoy email account receives an email from the detector probe account within the trusted network a policy based infection response rule is generated.
摘要:
Embodiments of the invention provide a secure method for enabling the provisioning of a shared service in a utility computing environment. One embodiment establishes an account primary virtual local area network (VLAN) for at least one account in a utility computing environment. Then, a request is received from a service provider to provide a shared service to the at least one account. An isolated VLAN is established for each shared service being provisioned in the context of the account primary VLAN and a promiscuous port is provided for the service provider. A selection option is then provided to allow the at least one server to utilize the shared service provided by the service provider. An isolated port is then configured for the at least one server on an isolated VLAN between the at least one server that chooses to utilize the shared service, and the shared service.
摘要:
A method for verifying port integrity in a network, comprising: accessing port binding information in a port authorization file in the network, querying a port mapper in the network for a mapped port assignment, comparing the port assignment to the port binding, and initiating a response based on the results of the comparing.