Abstract: Active Directory (AD) configuration file management described herein provides technical solutions for technical problems facing management of Linux/Unix and other Unix-like open source operating systems that use configuration files to manage systems, resources, and settings. This configuration file management may use a network-internal AD Group Policy Object (GPO) to manage these configuration files, where the configuration file management may convert the configuration files into GPOs for deployment via the AD. The use of GPO-based configuration files via AD provides the ability to manage external Linux/Unix systems. When the configuration file management agent detects a change, the configuration file is replaced with a known good configuration file based on the criterion GPO or criterion configuration file. This provides persistence of the configuration GPO and the corresponding Linux/Unix system configuration, such as to implement and enforce information security.

Abstract: Security of a protected computer that is accessible via a public network is enhanced by eliminating or reducing open network ports on the protected computer. To reduce open network ports, the protected computer initiates a control connection to an enterprise controller. A request for service from a client device is made to the enterprise controller. If appropriate, the request is then forwarded by the enterprise controller to the protected computer over the control connection. If the request is accepted by the protected computer, the protected computer opens an additional connection to the enterprise controller to provide for streaming of input and output between the task performed on the protected computer and the enterprise controller. This input and output is forwarded by the enterprise controller to the client device and/or protected computer.

Abstract: A system for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the system including a directory service managing authentication and authorization operations for the internal resource, a gatekeeper device residing in the external network, and a gateway device residing in an internal network. The gatekeeper device is configured to receive a resource operation request from the endpoint, the resource operation request is associated with a user and transmit the resource operation request to the gateway device. The gateway device is configured to receive the resource operation request from the gatekeeper device, authenticate with the directory service as the user, using credentials of the user, authorize the resource operation request with the directory service, and initiate the resource operation request with the internal resource.

Abstract: A system for enabling an endpoint residing in an external network to perform resource operations on an internal resource, the system including a directory service managing authentication and authorization operations for the internal resource, a gatekeeper device residing in the external network, and a gateway device residing in an internal network. The gatekeeper device is configured to receive a resource operation request from the endpoint, the resource operation request is associated with a user and transmit the resource operation request to the gateway device. The gateway device is configured to receive the resource operation request from the gatekeeper device, authenticate with the directory service as the user, using credentials of the user, authorize the resource operation request with the directory service, and initiate the resource operation request with the internal resource.

Abstract: A gateway device comprising a processor and a memory, the processor is configured to receive a login operation request from an external endpoint, the login operation request including a user identifier and user login credentials of a user. The processor is also configured to construct an authentication request including the user identifier and the user login credentials and transmit the authentication request to an internal directory service. The processor is further configured to receive an authentication response from the internal directory service, the authentication response including an authentication identifier for the user, and store the authentication identifier in the memory, the authentication identifier for use by the processor in pass-through impersonation of the user.