Claims
- 1. A computer comprising:
  an operating system controlling a computer resource; and
  an intrusion detection system integrated with the operating system and operable to monitor the computer resources to detect and prevent intrusion attempts.
- 2. The computer, as set forth in claim 1, wherein the computer resource is selected from the group consisting of data storage system, input/output system, a networking system, an application program execution environment, and interfaces to peripheral devices.
- 3. The computer, as set forth in claim 1, wherein the computer resource comprises an application program execution environment and a networking system under the control of the operating system and monitored by the intrusion detection system to detect, prevent and report intrusion attempts.
- 4. The computer, as set forth in claim 1, further comprising an anti-virus system integrated with the operating system and operable to monitor the data storage system, input/output system, networking system, application program execution environment, and interfaces to peripheral devices to detect the presence of at least one virus.
- 5. The computer, as set forth in claim 1, further comprising an anti-virus system integrated with the operating system and operable to monitor the data storage system, input/output system, networking system, application program execution environment, and interfaces to peripheral devices to detect and report the presence of at least one virus.
- 6. The computer, as set forth in claim 2, wherein intrusion detection is integrated with a networking stack of the networking system above the link layer operable to access raw network frames.
- 7. The computer, as set forth in claim 2, wherein the intrusion detection system is integrated with a networking stack of the networking system above the network layer operable to access reassembled fragments.
- 8. The computer, as set forth in claim 2, wherein the intrusion detection system is integrated with a networking protocol stack of the networking system above the transport layer.
- 9. The computer, as set forth in claim 2, wherein the intrusion detection system is integrated with a networking stack of the networking system between the network layer and the transport layer and between the transport layer and the application layer.
- 10. The computer, as set forth in claim 5, wherein the anti-virus system comprises a module operable to prevent reassembly of a virus.
- 11. The computer, as set forth in claim 5, wherein the anti-virus system comprises a module operable to recognize a virus.
- 12. The computer, as set forth in claim 5, wherein the anti-virus system comprises a module operable to prevent storage of a virus.
- 13. The computer, as set forth in claim 5, wherein the anti-virus system comprises a module operable to prevent transmission of a virus.
- 14. The computer, as set forth in claim 2, wherein the anti-virus system comprises a module operable to prevent execution of a virus.
- 15. A method comprising:
  executing an OS-integrated intrusion detection system; and
  monitoring at least one computer resource to detect and prevent intrusion attempts.
- 16. The method, as set forth in claim 15, wherein monitoring at least one computer resource comprises monitoring at least one computer resource selected from the group consisting of a data storage system, an input/output system, a networking system, an application program execution environment, and interfaces to peripheral devices.
- 17. The method, as set forth in claim 15, wherein monitoring at least one computer resource comprises reporting intrusion attempts.
- 18. The method, as set forth in claim 16, further comprising integrating the intrusion detection system with a networking system above the link layer operable to access raw network frames.
- 19. The method, as set forth in claim 15, further comprising integrating the intrusion detection system with a networking stack of the networking system above the network layer operable to access reassembled fragments.
- 20. The method, as set forth in claim 15, further comprising integrating the intrusion detection system with a networking protocol stack of the networking system above the transport layer.
- 21. The method, as set forth in claim 15, further comprising integrating the intrusion detection system with a networking stack of the networking system between the network layer and the transport layer, and between the transport layer and the application layer.
- 22. A method comprising:
  executing an OS-integrated anti-virus system; and
  monitoring at least one computer resource to detect the presence of at least one virus.
- 23. The method, as set forth in claim 22, wherein monitoring at least one computer resource comprises monitoring at least one computer resource selected from the group consisting of a data storage system, an input/output system, a networking system, an application program execution environment, and interfaces to peripheral devices.
- 24. The method, as set forth in claim 22, wherein monitoring at least one computer resource comprises reporting the presence of at least one virus.
- 25. The method, as set forth in claim 22, wherein the step of monitoring comprises detecting the reassembly of a virus.
- 26. The method, as set forth in claim 22, wherein the step of monitoring comprises recognizing a virus.
- 27. The method, as set forth in claim 22, wherein the step of monitoring comprises preventing the storage of a virus.
- 28. The method, as set forth in claim 22, wherein the step of monitoring comprises preventing the transmission of a virus.
- 29. The method, as set forth in claim 22, wherein the step of monitoring comprises preventing the execution of a virus.
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This patent application is related to co-pending U.S. patent application, Attorney Docket No. 10014010-1, entitled “METHOD AND COMPUTER READABLE MEDIUM FOR SUPPRESSING EXECUTION OF SIGNATURE FILE DIRECTIVES DURING A NETWORK EXPLOIT”; U.S. patent application, Attorney Docket No. 10016933-1, entitled “SYSTEM AND METHOD OF DEFINING THE SECURITY CONDITION OF A COMPUTER SYSTEM”; U.S. patent application, Attorney Docket No. 10017028-1, entitled “SYSTEM AND METHOD OF DEFINING THE SECURITY VULNERABILITIES OF A COMPUTER SYSTEM”; U.S. patent application, Attorney Docket No. 10017029-1, entitled “SYSTEM AND METHOD OF DEFINING UNAUTHORIZED INTRUSIONS ON A COMPUTER SYSTEM”; U.S. patent application, Attorney Docket No. 10017055-1, entitled “NETWORK INTRUSION DETECTION SYSTEM AND METHOD”; U.S. patent application, Attorney Docket No. 10016861-1, entitled “NODE, METHOD AND COMPUTER READABLE MEDIUM FOR INSERTING AN INTRUSION PREVENTION SYSTEM INTO A NETWORK STACK”; U.S. patent application, Attorney Docket No. 10016862-1, entitled “METHOD, COMPUTER-READABLE MEDIUM, AND NODE FOR DETECTING EXPLOITS BASED ON AN INBOUND SIGNATURE OF THE EXPLOIT AND AN OUTBOUND SIGNATURE IN RESPONSE THERETO”; U.S. patent application, Attorney Docket No. 10016591-1, entitled “NETWORK, METHOD AND COMPUTER READABLE MEDIUM FOR DISTRIBUTED SECURITY UPDATES TO SELECT NODES ON A NETWORK”; U.S. patent application, Attorney Docket No. 10014006-1, entitled “METHOD, COMPUTER READABLE MEDIUM, AND NODE FOR A THREE-LAYERED INTRUSION PREVENTION SYSTEM FOR DETECTING NETWORK EXPLOITS”; U.S. patent application, Attorney Docket No. 10002019-1, entitled “METHOD, NODE AND COMPUTER READABLE MEDIUM FOR IDENTIFYING DATA IN A NETWORK EXPLOIT”; U.S. patent application, Attorney Docket No. 10017334-1, entitled “NODE, METHOD AND COMPUTER READABLE MEDIUM FOR OPTIMIZING PERFORMANCE OF SIGNATURE RULE MATCHING IN A NETWORK”; U.S. patent application, Attorney Docket No. 10017333-1, entitled “METHOD, NODE AND COMPUTER READABLE MEDIUM FOR PERFORMING MULTIPLE SIGNATURE MATCHING IN AN INTRUSION PREVENTION SYSTEM”; U.S. patent application, Attorney Docket No. 10017330-1, entitled “USER INTERFACE FOR PRESENTING DATA FOR AN INTRUSION PROTECTION SYSTEM”; U.S. patent application, Attorney Docket No. 10017270-1, entitled “NODE AND MOBILE DEVICE FOR A MOBILE TELECOMMUNICATIONS NETWORK PROVIDING INTRUSION DETECTION”; U.S. patent application, Attorney Docket No. 10017331-1, entitled “METHOD AND COMPUTER-READABLE MEDIUM FOR INTEGRATING A DECODE ENGINE WITH AN INTRUSION DETECTION SYSTEM”; U.S. patent application, Attorney Docket No. 10017328-1, entitled “SYSTEM AND METHOD OF GRAPHICALLY DISPLAYING DATA FOR AN INTRUSION PROTECTION SYSTEM”; and U.S. patent application, Attorney Docket No. 10017303-1, entitled “SYSTEM AND METHOD OF GRAPHICALLY CORRELATING DATA FOR AN INTRUSION PROTECTION SYSTEM”.