Abstract: A system and method for securely encrypting and booting a headless appliance. A method includes providing the headless appliance with content stored in a memory, wherein the content is encrypted with a key, and wherein the key is separately stored on a remote computing device; booting the headless appliance and loading a fallback configuration; in response to a user device connecting to the headless appliance, directing the user device to a captive portal and capturing credentials of a user; forwarding the credentials to the remote computing device for verification by an identity provider; in response to the credentials being verified as a non-administrator, granting access to a public network for the user; and in response to the credentials being verified as an administrator, obtaining the key from the remote computing device to decrypt the content to provide access to a private network for the user.

Abstract: A system and method for securely encrypting and booting a headless appliance. A method includes providing the headless appliance with content stored in a memory, wherein the content is encrypted with a key, and wherein the key is separately stored on a remote computing device; booting the headless appliance and loading a fallback configuration; in response to a user device connecting to the headless appliance, directing the user device to a captive portal and capturing credentials of a user; forwarding the credentials to the remote computing device for verification by an identity provider; in response to the credentials being verified as a non-administrator, granting access to a public network for the user; and in response to the credentials being verified as an administrator, obtaining the key from the remote computing device to decrypt the content to provide access to a private network for the user.

Abstract: A system and method for securely encrypting and booting a headless appliance. A computerized method is disclosed that includes: providing the network appliance with content encrypted with a secret key; launching the network appliance in a fallback configuration that provides limited operational capabilities; forwarding a request for the secret key to an online service that independently utilizes an identity provider to establish trust with an appliance administrator; receiving the secret key from the online service upon establishment of trust with the appliance administrator; decrypting the content with the secret key received from the online service; and utilizing the content to launch the network appliance in a full configuration.

Abstract: A system and method for securely encrypting and booting a headless appliance. A computerized method is disclosed that includes: providing the network appliance with content encrypted with a secret key; launching the network appliance in a fallback configuration that provides limited operational capabilities; forwarding a request for the secret key to an online service that independently utilizes an identity provider to establish trust with an appliance administrator; receiving the secret key from the online service upon establishment of trust with the appliance administrator; decrypting the content with the secret key received from the online service; and utilizing the content to launch the network appliance in a full configuration.

Abstract: Described embodiments provide systems and methods for validating session tokens using network properties. A first device having one or more processors coupled with memory may identify a session token from an initiation of a session between the first device and a second device via a network path of a plurality of network paths. The first device may determine that the first network path is to be trusted based at least on a property of the network path. The first device may validate the session token for use over the plurality of network paths, responsive to determining that the network path is to be trusted. The first device may provide, responsive to validating, the session token to the second device for use in communications over the plurality of network paths.

Abstract: Described embodiments provide systems and methods for steering network traffic using dynamically generated configuration scripts. A first device may generate a configuration script for an application on the client for connecting with a server. The configuration script may specify the application to establish a direct connection or an indirect connection with the server. The first device may provide the configuration script to be invoked by the application to identify a first address to access the server based on a determination to establish the direct connection or the indirect connection. The first device may receive, from the client, an initiation request to connect with the server including the first address. The first device may determine second address by applying a routing policy to the first address. The first device may establish one of the direct connection or the indirect connection using the second address.

Abstract: Methods and systems for changing communication paths in a network based on predicted Quality of Experience metrics are described herein. Computing devices in a network may communicate via one or more communication paths and using one or more applications. One or more Quality of Experience metrics may be determined for the one or more applications. Network metrics for the network may be measured and, based on one or more Quality of Service policies for the network, predicted Quality of Experience metrics may be determined using, e.g., a model network. A communication path recommendation may be output based on the predicted Quality of Experience metrics. For example, the recommendation may cause an application to change from a first communication path to a second communication path.

Abstract: Techniques are disclosed for enhancing quality of experience (QoE) being provided by an application executing in a network based on a determined current QoE of the application. An example methodology implementing the techniques includes determining one or more characteristics of a data flow for an application, computing a score for the execution of the application based on the determined one or more characteristics of the data flow, the score being indicative of a quality of a user experience associated with the application and responsive to determination that the score does not satisfy a threshold, adjusting the data flow so that execution of the application results in a user experience that is satisfactory based on the computed score. In one example, adjusting the data flow includes packet duplication. In another example, adjusting the data flow includes forward error correction.

Abstract: Methods and systems for changing communication paths in a network based on predicted Quality of Experience metrics are described herein. Computing devices in a network may communicate via one or more communication paths and using one or more applications. One or more Quality of Experience metrics may be determined for the one or more applications. Network metrics for the network may be measured and, based on one or more Quality of Service policies for the network, predicted Quality of Experience metrics may be determined using, e.g., a model network. A communication path recommendation may be output based on the predicted Quality of Experience metrics. For example, the recommendation may cause an application to change from a first communication path to a second communication path.

Abstract: Described embodiments provide systems and methods for steering network traffic using dynamically generated configuration scripts. A first device may generate a configuration script for an application on the client for connecting with a server. The configuration script may specify the application to establish a direct connection or an indirect connection with the server. The first device may provide the configuration script to be invoked by the application to identify a first address to access the server based on a determination to establish the direct connection or the indirect connection. The first device may receive, from the client, an initiation request to connect with the server including the first address. The first device may determine second address by applying a routing policy to the first address. The first device may establish one of the direct connection or the indirect connection using the second address.

Abstract: Methods and systems for changing communication paths in a network based on predicted Quality of Experience metrics are described herein. Computing devices in a network may communicate via one or more communication paths and using one or more applications. One or more Quality of Experience metrics may be determined for the one or more applications. Network metrics for the network may be measured and, based on one or more Quality of Service policies for the network, predicted Quality of Experience metrics may be determined using, e.g., a model network. A communication path recommendation may be output based on the predicted Quality of Experience metrics. For example, the recommendation may cause an application to change from a first communication path to a second communication path.

Abstract: Methods and systems for changing communication paths in a network based on predicted Quality of Experience metrics are described herein. Computing devices in a network may communicate via one or more communication paths and using one or more applications. One or more Quality of Experience metrics may be determined for the one or more applications. Network metrics for the network may be measured and, based on one or more Quality of Service policies for the network, predicted Quality of Experience metrics may be determined using, e.g., a model network. A communication path recommendation may be output based on the predicted Quality of Experience metrics. For example, the recommendation may cause an application to change from a first communication path to a second communication path.

Abstract: Described embodiments provide systems and methods for steering network traffic using dynamically generated configuration scripts. A first device may generate a configuration script for an application on the client for connecting with a server. The configuration script may specify the application to establish a direct connection or an indirect connection with the server. The first device may provide the configuration script to be invoked by the application to identify a first address to access the server based on a determination to establish the direct connection or the indirect connection. The first device may receive, from the client, an initiation request to connect with the server including the first address. The first device may determine second address by applying a routing policy to the first address. The first device may establish one of the direct connection or the indirect connection using the second address.

Abstract: Described embodiments provide systems and methods for steering network traffic using dynamically generated configuration scripts. A first device may generate a configuration script for an application on the client for connecting with a server. The configuration script may specify the application to establish a direct connection or an indirect connection with the server. The first device may provide the configuration script to be invoked by the application to identify a first address to access the server based on a determination to establish the direct connection or the indirect connection. The first device may receive, from the client, an initiation request to connect with the server including the first address. The first device may determine second address by applying a routing policy to the first address. The first device may establish one of the direct connection or the indirect connection using the second address.

Abstract: Embodiments of the present disclosure provide techniques for distributing information about possible anomalies in a network. A sensor in a network may detect packets with payloads that match an anomaly signature. Address dispersion information, for example, in the form of source and address bitmaps, may be gathered at the sensor. The address dispersion information may be distributed to one or more peer sensors if the information indicates that the number of different addresses of the detected matching packets exceeds a threshold.

Abstract: A method is disclosed for distributed detection of botnets via a plurality of sensors on a network. According to embodiments, DNS information, including domain names and addresses, is received at a sensor, the number of unique subnets corresponding to a domain name is determined and an alert is sent to other sensors when the number of unique subnets exceeds a first threshold. Other embodiments are also disclosed.

Abstract: A method is disclosed for distributed detection of botnets via a plurality of sensors on a network. According to embodiments, DNS information, including domain names and addresses, is received at a sensor, the number of unique subnets corresponding to a domain name is determined and an alert is sent to other sensors when the number of unique subnets exceeds a first threshold. Other embodiments are also disclosed.

Abstract: Embodiments of the present disclosure provide techniques for distributing information about possible anomalies in a network. A sensor in a network may detect packets with payloads that match an anomaly signature. Address dispersion information, for example, in the form of source and address bitmaps, may be gathered at the sensor. The address dispersion information may be distributed to one or more peer sensors if the information indicates that the number of different addresses of the detected matching packets exceeds a threshold.