With the proliferation of networked devices such as computers, digital assistants, wireless phones and so forth, and the ubiquitous access afforded to these devices by local, regional and wide area networks, such as the Internet, even the most protected executables and data can be vulnerable to harm. Whether the harm is due to damage caused by a virus, an unauthorized access, or simply due to natural occurrences such as exposure to the elements, the importance of executable and data integrity and security cannot be overstated.
FIG. 1 illustrates an example modern networked computing environment, comprising a “farm” 102 of application servers (AS) 104 serving a number of remote client computing devices 112 (hereinafter, simply clients). AS 104 are coupled to local area network (LAN) 108, which in turn is coupled to inter-network 110, through gateway 106. Some clients 112 are coupled to inter-network 110 directly, while others are coupled through their respective LAN 114. AS 104 may be an enterprise server, a Web Server and so forth, whereas clients 112 may be a desktop, laptop or palm sized computing devices, a personal digital assistants (PDA), or a wireless mobile phone (commonly referred to as “cell phones”).
Examples of LAN include but are not limited to Token Ring, Ethernet, phone/power line based “home” networking, as well as various types of wireless networking. Examples of wide area networks include but are not limited to SONET networks, ATM networks, Frame Relays, and the like. Of particular notoriety is the TCP/IP based global inter-networks, Internet.
Gateway 106 typically includes some kind of “firewalls” to protect AS 104 from unauthorized or malicious accesses. For certain applications, gateway 106 may also include virtual private network (VPN) supports, i.e. requiring accesses by some or all of clients 112 to be through VPN connections, again to protect AS 104 from unauthorized or malicious accesses.
Each AS 104 typically includes a session manager 128 to manage user (i.e. client) sessions. The user/client sessions may be allocated and implemented in any one of a number of known manners, including but not limited to a master/slave, or a peer-to-peer relationship among the AS 104.
Additionally, each AS 104 typically includes some kind of virus detection and monitoring software to prevent AS 104 from being infected with destructive viruses. Further, depending on the application services being offered, some or all of the applications or application services 122 hosted (including the operating system 126) may employ one or more “tamper resistant” techniques, to prevent the application/operating system software and/or data from being compromised. These “tamper resistant” techniques include but are not limited to authentication, anti-modification as well as anti-observation techniques.
Recently, companies such as Tripwire, Inc. of Portland, Oreg., also offer monitoring software to assist Information Technology (IT)/network administrators in efficiently monitor the state of the various computing units of computing environments.
However, typically under the prior art, beside logging and/or notifications, i.e. alerts, of potentially harmful “intrusive” events, virus disinfecting and so forth, few if any automated services are available to enable a computing environment to quickly and automatically respond to integrity compromising situations, with little or no administrator intervention.
Thus, an improvement in this aspect of securing a computing environment is desired.