Abstract: In one embodiment, a proxy device located between a first device and a second device intercepts a security session request for a security session between the first device and the second device. The proxy device obtains security information from the first device that includes at least a subject name of the first device. The proxy device creates a dynamic certificate using the subject name of the first device and a trusted proxy certificate of the proxy device. The proxy device establishes a security session between the proxy device and the second device using the dynamic certificate. Further, the proxy device establishes a security session between the first device and the proxy device using the trusted proxy certificate of the proxy device. The two security sessions collectively operate as a security session between the first device and the second device.

Abstract: In one embodiment, a proxy device located between a first device and a second device intercepts a security session request for a security session between the first device and the second device. The proxy device obtains security information from the first device that includes at least a subject name of the first device. The proxy device creates a dynamic certificate using the subject name of the first device and a trusted proxy certificate of the proxy device. The proxy device establishes a security session between the proxy device and the second device using the dynamic certificate. Further, the proxy device establishes a security session between the first device and the proxy device using the trusted proxy certificate of the proxy device. The two security sessions collectively operate as a security session between the first device and the second device.

Abstract: In one embodiment, a server and a client are configured to trust a certificate of an intermediate proxy device. The proxy device may then intercept a client-server security session request message sent from the client to the server. In response, the proxy device initiates a proxy-server security session with the server and obtains server security information from the server. Then, the proxy device initiates a client-proxy security session with the client using the trusted proxy certificate, and obtains client security information from the client. Upon obtaining the client security information, the proxy device creates a dynamic certificate using the obtained client security information and the trusted proxy certificate, and establishes the initiated proxy-server security session with the dynamic certificate.

Abstract: Methods and systems for associating an event log entry with the rule that triggered its creation are described. In one embodiment, an apparatus is described. The apparatus has an event handling device for applying a plurality of rules; an event log with a plurality of log entries, and a hash value appender for appending a hash value log entries. When the event handling device performs an application of one of the rules, an entry is created in said event log, and the hash value generator appends a unique hash value to the entry. The unique hash value corresponds to the rule that was applied.

Abstract: In one embodiment, a server and a client are configured to trust a certificate of an intermediate proxy device. The proxy device may then intercept a client-server security session request message sent from the client to the server. In response, the proxy device initiates a proxy-server security session with the server and obtains server security information from the server. Then, the proxy device initiates a client-proxy security session with the client using the trusted proxy certificate, and obtains client security information from the client. Upon obtaining the client security information, the proxy device creates a dynamic certificate using the obtained client security information and the trusted proxy certificate, and establishes the initiated proxy-server security session with the dynamic certificate.

Abstract: Methods and systems for associating an event log entry with the rule that triggered its creation are described. In one embodiment, an apparatus is described. The apparatus has an event handling device for applying a plurality of rules; an event log with a plurality of log entries, and a hash value appender for appending a hash value log entries. When the event handling device performs an application of one of the rules, an entry is created in said event log, and the hash value generator appends a unique hash value to the entry. The unique hash value corresponds to the rule that was applied.

Abstract: A mechanism limits the flow of topology information to only those nodes of a computer network that require the information. The mechanism comprises a filter having a plurality of conditions that are evaluated by a node of the network prior to forwarding the topology information to another node. Specifically, the conditions are evaluated with respect to lists of nodes that are defined according to the configuration of the network. By applying the filtering conditions to the defined lists, each node may selectively propagate the topology information throughout the network, thereby substantially reducing the amount of information flowing over the network.