Patents Assigned to Check Point Software Technologies LTD
- Publication number: 20100107234
  Abstract: The present invention discloses methods, media, and gateways for protecting against cookie-poisoning attacks in networked-communication applications. Methods include the steps of: creating a protected gateway cookie, generated by a gateway, for a server cookie, generated by a server, wherein the server cookie is received by the gateway in an HTTP response message; and validating, by the gateway, that a client cookie from a client request has a corresponding gateway cookie with expected field values. Preferably, the field values include at least one field value selected from the group consisting of: a name, a hash value computed over the server cookie, a hash-function index, a timestamp, a nonce, a hash value computed over newly-generated values, a path, a domain, an expiration, and an HTTP-only value. Preferably, the gateway cookie is signed with a secret key. Most preferably, the secret key is generated by a secret seed.
  Type: Application
  Filed: October 28, 2008
  Publication date: April 29, 2010
  Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, LTD.
  Inventors: Ori Aldor, Neta Solomon
- Publication number: 20100046537
  Abstract: Methods, devices, and media for intelligent NIC bonding and load-balancing including the steps of: providing a packet at an incoming-packet port of a gateway; attaching an incoming-port identification, associated with the incoming-packet port, to the packet; routing the packet to a processing core; passing the packet through a gateway processing; sending the packet, by the core, to the operating system of a host system; and routing the packet to an outgoing-packet port of the gateway based on the incoming-port identification. Preferably, the gateway processing includes security processing of the packets. Preferably, the step of routing the packet to the outgoing-packet port is based solely on the incoming-port identification. Preferably, an outgoing-port identification, associated with the outgoing-packet port, has an identical bond-index to the incoming-port identification.
  Type: Application
  Filed: August 19, 2008
  Publication date: February 25, 2010
  Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, LTD.
  Inventors: Amnon PERLMUTTER, Benzi Waisman
- Publication number: 20100005528
  Abstract: The present invention discloses methods and media for hooking applications to monitor and prevent execution of security-sensitive operations, the method including the steps of: reading at least one configuration parameter list from a configuration module; hooking, by a hooking engine, a hooking point in an application, wherein the hooking point is defined in the configuration module; calling, by the application, the hooking point during operation of the application; matching at least one hooking parameter in the hooking point to at least one configuration parameter in at least one configuration parameter list; and upon detecting a match between the hooking parameter and at least one configuration parameter, performing at least one configuration-defined action. Preferably, the method further includes the step of: updating a state of the hooking engine. Preferably, the hooking engine is operative to prevent malicious operations by obfuscated code.
  Type: Application
  Filed: July 2, 2008
  Publication date: January 7, 2010
  Applicant: CHECK POINT SOFTWARE TECHNOLOGIES, LTD.
  Inventors: Tomer Teller, Idan Nahoum, Tamir Zegman
- Publication number: 20090292719
  Abstract: Methods, for automatically generating natural-language news items from log files, including the steps of: gathering at least one data record; filtering at least one data record according to at least one rule to produce at least one filtered data set; aggregating at least one filtered data set; analyzing at least one filtered data set for at least one statistical trend; and automatically generating a news item based on at least one statistical trend. Preferably, the method further includes the step of: customizing the news item based on a relative importance of at least one statistical trend. Preferably, the method further includes the step of: performing a drill-down analysis on at least one statistical trend. Most preferably, the method further includes the step of: enriching the news item based on the drill-down analysis. Preferably, the method further includes the step of: embedding at least one graphical element into the news item.
  Type: Application
  Filed: May 20, 2008
  Publication date: November 26, 2009
  Applicant: Check Point Software Technologies Ltd.
  Inventors: Marina LACHTARNIK, Gil RAVIV
- Publication number: 20090276538
  Abstract: Disclosed are devices and methods for providing network access control utilizing traffic-regulation hardware, the device including: at least one client-side port for operationally connecting to a client system; at least one network-side port for operationally connecting to a network; a logic module for regulating network traffic, based on device-related data, between the ports, the logic module including: a memory unit for storing and loading the device-related data; and a CPU for processing the device-related data; and at least one relay, between at least one respective client-side port and at least one respective network-side port, configured to open upon receiving a respective network-access-denial command from the logic module. Preferably, the logic module is configured to maintain an open-relay line-rate when at least one relay is open, and to maintain a closed-relay line-rate when at least one relay is closed.
  Type: Application
  Filed: May 4, 2008
  Publication date: November 5, 2009
  Applicant: Check Point Software Technologies Ltd.
  Inventors: Oded Gonda, Yaron Sheffer
- Publication number: 20090249466
  Abstract: Disclosed are methods, devices, and media for enforcing network access control, the method including the steps of: extracting a packet signature from a packet (or packet fragment) received from a network; storing the packet signature and the packet in a buffer; computing a buffer signature using a per-endpoint secret key; determining whether the packet signature and the buffer signature are identical; and upon determining the packet signature and the buffer signature are identical, transmitting the packet to a protocol stack. Preferably, the step of extracting includes extracting the packet signature from a field (e.g. identification field) of a header of the packet. Preferably, the method further includes the step of: upon determining the packet signature and the buffer signature are not identical, discarding the packet. Methods for receiving a packet from a protocol stack, and transmitting the packet to a network are disclosed as well.
  Type: Application
  Filed: March 27, 2008
  Publication date: October 1, 2009
  Applicant: Check Point Software Technologies Ltd.
  Inventors: Kirill MOTIL, Almog Cohen, Yaron Sheffer
- Publication number: 20090119307
  Abstract: A computerized method performed in a computer operatively connected to storage. Parsing rules are determined for parsing logs output as text and/or symbols from multiple devices in a computer network. The logs are stored in the storage. Multiple log samples are sampled from the logs. The log samples are input into an application running on the computer. The log samples are each sectioned into multiple sections which include variable information separated by static structural text. Each of the log samples is processed by: comparing the sections to a list of regular expressions. The list is maintained in the storage, and upon matching a matched section of the sections to a matched regular expression from the list of the regular expressions, the matched section is tagged with a tag associated with the matched regular expression. The tag associated to the matched regular expression is stored and combined with any unmatched sections and with the static structural text to create a log pattern.
  Type: Application
  Filed: October 22, 2007
  Publication date: May 7, 2009
  Applicant: Check Point Software Technologies Ltd.
  Inventors: Uri Braun, Yuri Zaslavsky, Yosef Teitz
- Publication number: 20080016386
  Abstract: A method for load sharing and high availability in a cluster of computers. The cluster includes a first computer and a second computer which perform a task. An active application runs in the first computer and a standby application is installed in the second computer. The active application and the standby application are included in an application group. A first plurality of applications is installed in the first computer; the first plurality includes the running active application. The active application performs the task and stores in memory of the first computer state parameters and a policy. A synchronized copy of the state parameters and the policy pertaining to the task is maintained in memory of the second computer. Preferably, the cluster is in a security gateway between data networks and performs a task related to security of one or more of the networks.
  Type: Application
  Filed: July 11, 2006
  Publication date: January 17, 2008
  Applicant: CHECK POINT SOFTWARE TECHNOLOGIES LTD.
  Inventors: Amit Dror, Omer Schory
- Publication number: 20070180513
  Abstract: A method for protecting data communications using a multiple processor device in which multiple processors are operatively connected by a transport mechanism for sharing data. One or more of the processors is programmed as a dispatcher and other processors are programmed with processes. Each of the processes enforces an identical security policy and/or performs an identical or specialized security function. Data streams are transferred respectively from the dispatcher to the processes through the transport mechanism. Control information is transmitted through the transport mechanism from one or more processes to the dispatcher. The control information specifies balancing load of the data streams between the processes. The dispatcher balances load based on the control information.
  Type: Application
  Filed: March 29, 2007
  Publication date: August 2, 2007
  Applicant: CHECK POINT SOFTWARE TECHNOLOGIES LTD.
  Inventors: Ofer Raz, Erez Geva, Uri Goren
- Publication number: 20030236887
  Abstract: A method to manage the bandwidth of a link that is available to a cluster of servers. The method includes establishing a localized bandwidth management policy for at least one of the servers from a centralized management policy of the cluster. The localized policy and the centralized policy are based on a hierarchical policy having a plurality of rules associated with classes of connections that are routed through the link. Each of the rules has an associated rate. The plurality of rules includes a plurality of terminal rules. Establishing the localized policy is performed by prorating the rate of at least one of the terminal rules under the centralized policy according to a first measurement of a usage of the link by the at least one server for the at least one terminal rule. The method also includes operating the at least one server according to the localized policy.
  Type: Application
  Filed: June 21, 2002
  Publication date: December 25, 2003
  Applicant: Check Point Software Technologies Ltd.
  Inventors: Alex Kesselman, Amos Peleg
- Patent number: 6496935
  Abstract: A system, a device and a method for accelerating packet filtration by supplementing a firewall with a pre-filtering module. The pre-filtering module performs a limited set of actions with regard to the packets, according to whether the packets are received from a connection which has been previously permitted by the firewall. If the packets are received from such a permitted connection, then the pre-filtering module forwards the packets to their destination, optionally performing one or more actions on the packets. Otherwise, the packets are forwarded to the firewall for handling. Preferably, once the firewall has transferred responsibility for the connection to the pre-filtering module, or “off-loaded” the connection, the firewall does not receive further packets from this connection until a timeout occurs for the connection, or a packet is received with particular session-control field values, such that the connection is closed.
  Type: Grant
  Filed: March 2, 2000
  Date of Patent: December 17, 2002
  Assignee: Check Point Software Technologies LTD
  Inventors: Gonen Fink, Amir Harush
- Patent number: 5835726
  Abstract: The present invention discloses a novel system for controlling the inbound and outbound data packet flow in a computer network. By controlling the packet flow in a computer network, private networks can be secured from outside attacks in addition to controlling the flow of packets from within the private network to the outside world. A user generates a rule base which is then converted into a set of filter language instructions. Each rule in the rule base includes a source, destination, service, whether to accept or reject the packet and whether to log the event. The set of filter language instructions is installed and executed on inspection engines which are placed on computers acting as firewalls. The firewalls are positioned in the computer network such that all traffic to and from the network to be protected is forced to pass through the firewall. Thus, packets are filtered as they flow into and out of the network in accordance with the rules comprising the rule base.
  Type: Grant
  Filed: June 17, 1996
  Date of Patent: November 10, 1998
  Assignee: Check Point Software Technologies Ltd.
  Inventors: Gil Shwed, Shlomo Kramer, Nir Zuk, Gil Dogon, Ehud Ben-Reuven