Patents Assigned to F5, INC.
-
Patent number: 12641122
Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with generating client-executable actions with TLS parameters includes receiving a request from a client for establishing a TLS connection to a server, wherein the request comprises TLS parameters for the TLS connection. An identity of the client is determined based on the TLS parameters in the request unique to the client. A recommended client-executable action is generated based on the TLS parameters. The recommended client-executable action is an adjustment of a characteristic of a system of the client. The recommended client-executable action is transmitted to the client.
Type: Grant
Filed: September 27, 2023
Date of Patent: May 26, 2026
Assignee: F5, Inc.
Inventors: John Ray Clark, Jason R. Adams, Mudit Tyagi, Judge K. Arora
-
Patent number: 12627706
Abstract: Technologies related to mitigation of volumetric distributed denial of service attacks are disclosed. Malicious network connection request detection can be performed using a first network traffic management module (NTMM) that executes before network connection resources are allocated and a second NTMM that executes after connection resource allocation. The second NTMM can be used to determine whether a connection request is from a potential bad actor. If the request is from a potential bad actor, the second NTMM can add an identifier for the potential bad actor to a list of potential bad actors. When a subsequent connection request is received, the first NTMM can generate the identifier based on the subsequent request and determine whether it is stored in the list of potential bad actors. If it is, the first NTMM can drop the subsequent request before connection resources for establishing the second request are allocated.
Type: Grant
Filed: November 28, 2023
Date of Patent: May 12, 2026
Assignee: F5, Inc.
Inventors: Vadim Krishtal, Tomer Pasman, Eyal Pery
-
Patent number: 12615162
Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with establishing a connection to a server with a certificate includes receiving a request for establishing an encrypted connection and obtaining a certificate responsive to the received request. Next, the network traffic manager apparatus generates a content cache key for the obtained certificate. Next, the network traffic manager apparatus retrieves a data structure in the cache using the generated content cache key for the obtained certificate. The retrieved data structure is generated and stored in the cache during a previous established encrypted connection. The data structure comprises of extracted data from a previous certificate. Then, the network traffic manager apparatus initiates encryptographic operations using the retrieved data structure from the cache.
Type: Grant
Filed: December 23, 2022
Date of Patent: April 28, 2026
Assignee: F5, Inc.
Inventors: Neha Kochar, Liang Cheng, Saxon C. Amdahl
-
Patent number: 12579301
Abstract: Systems and methods for data plane management are disclosed herein. An example method includes deploying a WASM that is embedded in a service routing layer of the service mesh, assigning a security policy to the WASM from a bootstrapping layer of the service mesh, the security policy enabling the WASM to detect patterns in the service mesh data that are indicative of sensitive information, evaluating service mesh data by the WASM with the security policy, and transmitting telemetry to a cloud-based command module when the WASM has detected patterns in the service mesh data.
Type: Grant
Filed: May 18, 2023
Date of Patent: March 17, 2026
Assignee: F5, Inc.
Inventors: Maxwell Bruce, Issac Roth, Wesley Hales
-
Patent number: 12580869
Abstract: Technology related to sending data items via network links in a link aggregate group is disclosed. Data items (such as network packets received via a computer network) can be analyzed to determine whether the data items qualify for a relaxed transmission ordering. If a data item does not qualify for relaxed transmission ordering, then a network link in the link aggregate group can be selected based on contents of the data item (such as by generating a signature or key based on headers of the data item and selecting a network link based on the signature or key). However, if the data item does qualify for relaxed transmission ordering, then a network link in the link aggregate group can be selected based on available capacities of the network links (such as by selecting a network link with a largest available capacity).
Type: Grant
Filed: November 21, 2022
Date of Patent: March 17, 2026
Assignee: F5, Inc.
Inventors: Zachary York, Jeffrey J. Walker, Timothy S. Michels, C Stuart Johnson
-
Patent number: 12574737
Abstract: Methods, non-transitory computer readable media, network traffic management devices and network traffic management systems that provide protection of 5G core networks are illustrated. With this technology, the user plane status can be received from a network repository function indicating whether a user plane restarted. Then the system can determine whether an amount of error messages flowing from the user plane to a gNodeB for a source exceeds a predetermined threshold. In response to determining the amount of error messages exceeds a predetermined threshold and determining that the user plane was not restarted, all messages flowing to the gNodeB for the source can be blocked. Lastly, in response to determining the amount of echo messages from the user plane to the gNodeB is below a second predetermined threshold and that the user plane did not restart, the source can be stored as a bad actor.
Type: Grant
Filed: September 27, 2023
Date of Patent: March 10, 2026
Assignee: F5, Inc.
Inventors: Ravi Sankar Mantha, Sandeep Dasgupta
-
Patent number: 12568150
Abstract: Methods, non-transitory computer readable media, network traffic management devices and network traffic management systems that provide protection of core networks are illustrated. With this technology, the method includes configuring a service communication proxy among a plurality of service communication proxies to receive a request from a network function. In some examples, the network function is one of the plurality of network functions. Next, the service communication proxy can be configured to determine whether a profile of the network function is stored in a common cache and, in response to determining the profile is in the common cache, retrieve the profile to respond to the request. Then, the service communication proxy can be configured to select a destination NF based on the stored profile of the network function retrieved from the common cache.
Type: Grant
Filed: December 29, 2023
Date of Patent: March 3, 2026
Assignee: F5, Inc.
Inventors: Gautam Kumar Shukla, Mohammad Asif, Sandeep Dasgupta
-
Patent number: 12563012
Abstract: Technology related to resolution of hostname for webtop resource access is disclosed. In one example, a method includes receiving a request for accessing one or more resources from the webtop associated with the user. A usage pattern data of the user for the webtop is determined. For the requested resource, hostname pre-resolution data is determined based on the usage pattern data and an access policy before a given resource is requested for access. A response for the resource access request is generated based on the determined hostname pre-resolution data and the access policy. The response for the resource access request comprises an address of at least one corresponding backend server for redirecting the user to access the requested resource.
Type: Grant
Filed: January 31, 2023
Date of Patent: February 24, 2026
Assignee: F5, Inc.
Inventors: Vijay Kumar Burugu, Rakesh Adhi
-
Patent number: 12524268
Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, central management devices, and network traffic management systems that control access to configuration data in a distributed system are illustrated. With this technology, a set of configuration data is stored in a first data structure and a corresponding set of configuration data is stored in a second data structure along with an encrypted digest value that was encrypted using a private key associated with a particular administrator role. The stored configuration data and/or newly received modifications to stored configuration data can be authenticated via a comparison of a digest value calculated using the configuration data compared to the stored encrypted digest value, which is decrypted with a stored public key corresponding to the administrator role.
Type: Grant
Filed: December 29, 2022
Date of Patent: January 13, 2026
Assignee: F5, Inc.
Inventors: Sanjay Jain, Swapnil Mhatre
-
Patent number: 12526311
Abstract: Methods, non-transitory computer readable media, security server devices, and security systems that perform bot detection using machine learning models are illustrated. With this technology, a request for a webpage from a client device to a server device is received. The request has one or more associated logs. A set of features is generated based on the one or more associated logs. The set of features are submitted as an input to a machine learning model. In response to an output of the machine learning model indicating the request for a webpage from the client device was initiated by a bot, the request is denied.
Type: Grant
Filed: May 17, 2023
Date of Patent: January 13, 2026
Assignee: F5, Inc.
Inventors: Manjunath Suggandahalli Chikkananjappa, Sandeep Pombra
-
Patent number: 12526255
Abstract: A computer implemented method of monitoring data output by a server over a network is provided, in which the server is arranged to store data. The method includes analysing, by a computing device, outgoing data from the server sent over the network; filtering, by the computing device, a portion of the outgoing data to determine a remaining portion of the outgoing data; analysing, by the computing device, the remaining portion of the outgoing data to determine the amount of information in the remaining portion of the outgoing data; and performing, by the computing device, a predetermined action if the amount of information in the remaining portion of the outgoing data is over a threshold.
Type: Grant
Filed: November 13, 2019
Date of Patent: January 13, 2026
Assignee: F5, Inc.
Inventors: Mirit Kagarlitsky, Tal Steinherz
-
Patent number: 12519827
Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with detecting a flood attack of a server includes receiving an echo request with a request id for checking connectivity to a server from a source. Next, the method determines whether the request id of the echo request matches a request id of one of a plurality of malicious received requests within a plurality of prior received requests. The comparison of the request ids is conducted to determine whether the request is a legitimate request. Then, the echo request is transmitted to the server when the comparing fails to identify the match. Lastly, an echo response can be sent to the source after sending the echo request to the server.
Type: Grant
Filed: December 11, 2023
Date of Patent: January 6, 2026
Assignee: F5, Inc.
Inventors: Pradyumana Tirumala, Satyanarayana Esakonu, Sailaja Mandalapati
-
Patent number: 12513180
Abstract: A method, non-transitory computer readable medium, and device that assists with improving web scanner accuracy includes receiving a sitemap document associated with a webpage from an application security manager apparatus. The received sitemap document associated with the webpage is scanned. Next, one or more vulnerabilities are identified in the scanned sitemap associated with the webpage. A report including the identified one or more vulnerabilities is provided.
Type: Grant
Filed: December 21, 2023
Date of Patent: December 30, 2025
Assignee: F5, Inc.
Inventors: Ron Talmor, Ido Breger, Barak Amar, Guy Nir
-
Patent number: 12512969
Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with managing hardware security servers includes receiving a request from a client. The request can comprise of a unique numerical handle and a command for a hardware security server. The unique numerical handle can be generated as a response to a previous request from the client. It can further include searching for a key handle mapped to the unique numerical handle and hardware security server in memory. The method can also include sending the request to the hardware security server with the key handle when the key handle is retrieved from memory during the search and sending a response received from the hardware security server to the client. The response can be received as a result of sending the request to the hardware security server.
Type: Grant
Filed: December 23, 2022
Date of Patent: December 30, 2025
Assignee: F5, Inc.
Inventors: Liang Cheng, Saxon C. Amdahl
-
Patent number: 12489731
Abstract: Methods, non-transitory computer readable media, and network security manager apparatus that assists with enforcing firewall and security policies based on subscriber identification and subscriber class includes receiving network traffic from a plurality of client devices. A unique subscriber identification number and a subscriber class for each of the plurality of client devices is identified. One or more network security policies associated with each of the identified unique subscriber identification number and the subscriber class is obtained. Each of the obtained one or more network security policies is enforced on the corresponding plurality of client devices or a network security manager apparatus.
Type: Grant
Filed: February 21, 2019
Date of Patent: December 2, 2025
Assignee: F5, Inc.
Inventors: John Howell, Geoffrey Peterson, Ron Talmor, Judge Kennedy Singh Arora
-
Patent number: 12464021
Abstract: A method, non-transitory computer readable medium and device that assists with providing secure access using preemptive measures includes receiving one or more access policy changes. Data associated with a plurality of client computing devices and a plurality of users using the plurality of client computing devices is obtained upon receiving the one or more access policy changes. One or more of the plurality of client computing devices that are affected by the received one or more access policy changes is determined based on the obtained data associated with the plurality of client computing devices and the plurality of users. A notification including a preemptive action is selectively sent to each of the affected one or more client computing devices and one or more affected users.
Type: Grant
Filed: January 20, 2017
Date of Patent: November 4, 2025
Assignee: F5, Inc.
Inventor: Ravi Natarajan
-
Publication number: 20250330481
Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that facilitate network security are disclosed. The method includes evaluating a security risk of a transaction and determining a risk metric for the transaction based on the evaluation. Based on the risk metric, the method further includes determining a data access right for the transaction. Then the method includes directing the transaction to a target application entity based on the data access right of the transaction.
Type: Application
Filed: September 29, 2023
Publication date: October 23, 2025
Applicant: F5, Inc.
Inventor: Vinay KUMAR TIRUVAIPETA
-
Publication number: 20250315294
Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, central management devices, and network traffic management systems that control access to configuration data in a distributed system are illustrated. With this technology, a set of configuration data is stored in a first data structure and a corresponding set of configuration data is stored in a second data structure along with an encrypted digest value that was encrypted using a private key associated with a particular administrator role. The stored configuration data and/or newly received modifications to stored configuration data can be authenticated via a comparison of a digest value calculated using the configuration data compared to the stored encrypted digest value, which is decrypted with a stored public key corresponding to the administrator role.
Type: Application
Filed: December 29, 2022
Publication date: October 9, 2025
Applicant: F5, Inc.
Inventors: Sanjay JAIN, Swapnil MHATRE
-
Publication number: 20250317396
Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with allocating a traffic load through heterogenous topology of a network includes extracting a header of each of a plurality of received packets of a traffic flow. Each of the headers comprises fields. Next, the network traffic manager apparatus executes a hashing function over the fields of each of the headers, applies a load balancing function to determine one of a plurality of endpoints to send each of the received packets based on one or more endpoint characteristics, and maps the index for each corresponding one of the received packets to the corresponding selected one of the endpoints. The received packets are not evenly divided among the plurality of endpoints. Lastly, the network traffic manager apparatus sends the received packets to the selected endpoint based on the mapping from the load balancing policy.
Type: Application
Filed: June 20, 2025
Publication date: October 9, 2025
Applicant: F5, Inc.
Inventors: Adam HUSON, Hao CAI, Navin DONKANA
-
Patent number: 12432143
Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with selectively routing packets includes receiving a domain name system request from a client. The domain name system request can comprise a configuration for registration of an adapter and then, based on the configuration of the domain name system request, a server can be determined to send the domain name system request. The configuration can comprise an adapter type and the server is determined at least in part based on the adapter type of the configuration. Then the domain name system request can be transmitted to the determined server.
Type: Grant
Filed: September 26, 2023
Date of Patent: September 30, 2025
Assignee: F5, Inc.
Inventor: Nihar Goli