Abstract: Mechanisms for authorizing requests to access a resource are provided, the methods comprising: receiving a request to access the resource at a hardware processor from an Internet Protocol (IP) address; determining whether a rule applies to the request to access the resource; in response to determining that a rule does not apply to the request to access the resource, sending a request for authorization; receiving a response to the request for authorization; and in response to the response to the request for authorization indicating that access is authorized, providing a connection to the resource.

Abstract: A technique for collecting and using signal reputation data, comprising obtaining a plurality of signal reputation data corresponding to a plurality of locations, categorizing the signal reputation data into groups, calculating signal circles for at least some of the groups based on a representative signal value for the corresponding group, calculating a signal reputation score for each signal circle, determining a best signal circle for a user mobile device within a predetermined distance of dead zones, and sending the best signal circle to the user mobile device based at least in part on the signal reputation score and a location of the user mobile device. In some embodiments, the technique may include some but not all of these actions and additional actions, such as suspending obtaining signal reputation data based on battery status.

Abstract: Example methods, apparatus, systems and articles of manufacture to implement cooperative mitigation of distributed denial of service attacks originating in local networks are disclosed. An example network element disclosed herein is to detect a first distributed denial of service attack associated with first network traffic received by an Internet service provider network, the first network traffic originating from a first device connected to a local network. The disclosed example network element is also to implement a threat signaling client to transmit first information describing the first distributed denial of service attack to a threat signaling server implemented by a local network router of the local network, and receive second information from the threat signaling server of the local network, the second information to provide a notification when the first network traffic associated with the first distributed denial of service attack has been mitigated.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

Abstract: Mechanisms for split tunneling are provided. The mechanisms identify user devices and determine that communications for a first device of the user devices are to be tunneled. These mechanisms also receive a DNS request from a second device of the user devices, modify the DNS request to request meta information corresponding to a domain identified in the DNS request, and send the DNS request to a DNS server. The mechanisms further receive a response to the DNS request, wherein the response includes the meta information, determine that communications for the second device are not to be tunneled based at least in part on the meta information, and cause the communications for the first device to be tunneled and the communications for the second device to not be tunneled.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

Abstract: A technique for collecting and using signal reputation data, comprising obtaining a plurality of signal reputation data corresponding to a plurality of locations, categorizing the signal reputation data into groups, calculating signal circles for at least some of the groups based on a representative signal value for the corresponding group, calculating a signal reputation score for each signal circle, determining a best signal circle for a user mobile device within a predetermined distance of dead zones, and sending the best signal circle to the user mobile device based at least in part on the signal reputation score and a location of the user mobile device. In some embodiments, the technique may include some but not all of these actions and additional actions, such as suspending obtaining signal reputation data based on battery status.

Abstract: Methods and apparatus for managing online transactions involving personal data are disclosed. An example non-transitory computer readable medium comprises instructions that, when executed, cause a machine to at least encrypt user personal information for storage in a user information database, identify a request for personal information from a service provider, determine a reputation score of the service provider using a service reputation database, compare the reputation score against a threshold for reputability, cause presentation of a request for approval to provide user information to the service provider, in response to user approval, provide the user information to the service provider, and add the service provider to a list of service providers that have been given access to user information.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to verify encrypted handshakes. An example apparatus includes a message copier to clone a client introductory message, the client introductory message is included in a first handshake for network communication between a client and a server, a connection establisher to initiate a second handshake between the apparatus and the server based on the cloned client introductory message, and a decrypter to, in response to the second handshake, decrypt a certificate sent by the server.

Abstract: A technique for collecting and using signal reputation data, comprising obtaining a plurality of signal reputation data corresponding to a plurality of locations, categorizing the signal reputation data into groups, calculating signal circles for at least some of the groups based on a representative signal value for the corresponding group, calculating a signal reputation score for each signal circle, determining a best signal circle for a user mobile device within a predetermined distance of dead zones, and sending the best signal circle to the user mobile device based at least in part on the signal reputation score and a location of the user mobile device. In some embodiments, the technique may include some but not all of these actions and additional actions, such as suspending obtaining signal reputation data based on battery status.

Abstract: Example methods, apparatus, systems and articles of manufacture to implement cooperative mitigation of distributed denial of service attacks originating in local networks are disclosed. An example network element disclosed herein is to detect a first distributed denial of service attack associated with first network traffic received by an Internet service provider network, the first network traffic originating from a first device connected to a local network. The disclosed example network element is also to implement a threat signaling client to transmit first information describing the first distributed denial of service attack to a threat signaling server implemented by a local network router of the local network, and receive second information from the threat signaling server of the local network, the second information to provide a notification when the first network traffic associated with the first distributed denial of service attack has been mitigated.

Abstract: Mechanisms for authorizing requests to access a resource are provided, the methods comprising: receiving a request to access the resource at a hardware processor from an Internet Protocol (IP) address; determining whether a rule applies to the request to access the resource; in response to determining that a rule does not apply to the request to access the resource, sending a request for authorization; receiving a response to the request for authorization; and in response to the response to the request for authorization indicating that access is authorized, providing a connection to the resource.

Abstract: Sharing IoT device (IoTd) profile data is provided, comprising: generating at least one access control rule to protect an IoTd; publishing first IoTd profile data in a first new block (FNB) of a blockchain of a blockchain network (BN), wherein the first IoTd profile data comprises the at least one access control rule; and committing the FNB to the blockchain based on a consensus algorithm by: a manufacturer of the IoTd committing the FNB to the blockchain; a security vendor (SV) participating in the BN committing the FNB to the blockchain when the SV is a sole SV participating in the BN; or the SV committing the FNB to the blockchain based on consensus among at least the SV and a plurality of security vendors when the SV and the plurality of security vendors are participating in the BN.

Abstract: Example methods, apparatus, systems and articles of manufacture to implement cooperative mitigation of distributed denial of service attacks originating in local networks are disclosed. An example local network router disclosed herein includes a mitigator to mitigate a distributed denial of service attack detected by an Internet service provider, the distributed denial of service attack associated with network traffic originating from a first device connected to a local network. The example local network router also includes a threat signaling server to identify the first device based on first information received from a threat signaling client of the Internet service provider, the first information describing the distributed denial of service attack. The example threat signaling server is also to transmit second information to notify the threat signaling client of the Internet service provider when the network traffic associated with the distributed denial of service attack has been mitigated.

Abstract: Mechanisms (which can include systems, methods, and media) for securing an Internet of Things (IoT) device are provided, the mechanisms comprising: receiving a DNS request identifying a fully qualified domain name (FQDN) that originated from the IoT device; in response to receiving the DNS request, determining by a hardware processor whether to allow or drop a connection between the IoT device and a target domain corresponding to the FQDN; and responding to the DNS request with instructions to allow or drop the connection based on the determining.

Abstract: Mechanisms for split tunneling are provided, the method comprising: identifying a plurality of user devices; determining that communications for a first device of the plurality of user devices are to be tunneled; receiving a DNS request from a second device of the plurality of user devices; modifying the DNS request to request meta information corresponding to a domain identified in the DNS request; sending the DNS request to a DNS server using the hardware processor; receiving a response to the DNS request including the meta information; determining that communications for the second device are not to be tunneled based at least in part based on the meta information; and causing the communication for the first device to be tunneled and the communications for the second device to not be tunneled.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to verify encrypted handshakes. An example apparatus includes a message copier to clone a client introductory message, the client introductory message is included in a first handshake for network communication between a client and a server, a connection establisher to initiate a second handshake between the apparatus and the server based on the cloned client introductory message, and a decrypter to, in response to the second handshake, decrypt a certificate sent by the server.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

Abstract: A technique for collecting and using signal reputation data, comprising obtaining a plurality of signal reputation data corresponding to a plurality of locations, categorizing the signal reputation data into groups, calculating signal circles for at least some of the groups based on a representative signal value for the corresponding group, calculating a signal reputation score for each signal circle, determining a best signal circle for a user mobile device within a predetermined distance of dead zones, and sending the best signal circle to the user mobile device based at least in part on the signal reputation score and a location of the user mobile device. In some embodiments, the technique may include some but not all of these actions and additional actions, such as suspending obtaining signal reputation data based on battery status.