Patents Assigned to F5 Networks, Inc.
  • Patent number: 10863410
    Abstract: Methods, non-transitory computer readable media, session director apparatuses, and network traffic management systems that facilitate packet data network (PDN) service slicing with microsegmentation in an evolved packet core are disclosed. With this technology, a create session request (CSR) general packet radio service (GPRS) tunneling protocol (GTP) control (GTP-c) message is intercepted. A lookup key is then determined based on content of the intercepted CSR GTP-c message. A PDN gateway (PGW) identifier for a PGW is obtained using a slice name obtained using the lookup key. The intercepted CSR GTP-c message is modified to include the obtained PGW identifier. Subsequently, the modified CSR GTP-c message is steered based on the obtained PGW identifier, such as directly to the PGW or to a serving gateway (SGW) module associated with the PGW.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: December 8, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Vernon Wells, Akihiko Maruse, Barry Goh, Antonio Torzillo
  • Patent number: 10855701
    Abstract: Network traffic management apparatuses, systems, methods, and computer-readable media for automatically detecting attack signatures and generating attack signature identifications, involving: collecting a stable dataset during a stable time; determining whether a cyber-attack is detected; when a cyber-attack is detected, periodically generating attack signatures and updating an enforcer with the attack signatures, the attack signatures representing dynamic rules to be enforced; validating the dynamic rules via a long-time validation mechanism, validating involving considering behavior of each dynamic rule after the cyber-attack and during a new cyber-attack and ranking each dynamic rule using the stable dataset, thereby generating persistent rules having a dynamic rule; exporting the persistent rules to a security enforcer; introducing the persistent rules to a persistent rule revocater; determining whether export of an unrevoked persistent rule is requested; and if requested, exporting the unrevoked persiste
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: December 1, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Vadim Krishtal, Maor Moshe Gaon, Peter Finkelshtein
  • Patent number: 10834065
    Abstract: A method, non-transitory computer readable medium, and device that assists with SSL protected NTLM reauthentication includes receiving a connection reset message from a web application server. The received connection reset message is forwarded to the client computing device. A recent request including connection data to access a web application is received on a new connection as a response to the forwarded connection reset message from the client computing device. Next, it is determined whether the received recent request to access the web application including the connection data is identical to a stored connection data. The client computing device is re-authenticated and granted access to the requested web application when the connection data is determined to be identical to the stored connection data.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: November 10, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Wui Chung Lie
  • Patent number: 10834110
    Abstract: A method, non-transitory computer readable medium, and device includes monitoring a session layer and transport layer network traffic data received from a plurality of client computing devices and plurality of servers. A plurality of network traffic anomaly threshold values and a plurality of server health anomaly threshold values for the monitored session layer and the transport layer network traffic data are estimated. Whether a plurality of current network traffic anomaly values and a plurality of current server health anomaly values for the monitored network traffic data exceeds each of the corresponding estimated plurality of network traffic anomaly threshold values and the estimated plurality of server health anomaly threshold values, and whether the current plurality of network traffic anomaly values and the current plurality of server health anomaly values are not a false anomaly is determined. A mitigation action is initiated based on the determination.
    Type: Grant
    Filed: December 18, 2016
    Date of Patent: November 10, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Sergei Edelstein, Michael Kapelevich, Shlomo Yona, Ron Talmor
  • Patent number: 10833943
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that send a server response to a client request from a requesting client device to a service chaining device. A modified server response from the service chaining device is received based on a correlation of the server response to one or more service policies. A determination is made on whether the modified server response requires additional processing by one or more additional service chaining devices based on the modified server response. The processed server response is received from the one or more additional service chaining devices when the determination indicated processing was required. The processed server response is transmitted to the requesting client device.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: November 10, 2020
    Assignee: F5 Networks, Inc.
    Inventor: Saxon Amdahl
  • Patent number: 10830863
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that receive a client access request to access content at one or more server devices. Fingerprint attributes associated with the client device are collected and utilized to identify potential fingerprints. Potential fingerprints are identified based on the collected fingerprint attributes. Previously validated fingerprints stored in a database are utilized to determine when the one of the potential fingerprints matches with one of the previously validated fingerprints stored in the database. The client device is authorized to access content requested in the client access request when the determination indicates that the one of the potential fingerprints matches with one of the plurality of previously validated fingerprints stored in the database.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: November 10, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Yaniv Shemesh, David Stav, Ziv Rika
  • Patent number: 10812266
    Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists managing security tokens based on security violations includes monitoring network traffic data between a client and a web application server. Next, the monitored network traffic data is determined for at least one security violation. One or more access tokens associated with the client is modified when the at least one security violation is detected in the monitored network traffic data. The client is restricted from accessing one or more web applications based on the modified one or more access tokens.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: October 20, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Gauravsingh Khatri, Swapnil Mhatre
  • Patent number: 10797888
    Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists secured SCEP enrollment of client devices includes receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed by forwarding the signed device certificate to the enrolled mobile device.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: October 6, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Wui Chung Lie, Saxon Amdahl, Nicholas Treat
  • Patent number: 10791119
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that receive a request from a client to log into an application hosted by an application server. A determination is made when the client is authenticated in response to the request. Attribute(s) are extracted from the request, when the determining indicates that the client is authenticated. A first password is generated for the client. A record for the client stored at a global catalog server is identified based on the extracted attributes and the generated first password is injected into the identified record. Credential(s) including at least the generated first password are sent to the application hosted by the application server.
    Type: Grant
    Filed: September 22, 2017
    Date of Patent: September 29, 2020
    Assignee: F5 Networks, Inc.
    Inventor: Michael Coleman
  • Patent number: 10791088
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that obtain an assigned Internet Protocol (IP) address from a DHCP server in response to an address request received from a client. One of a plurality of processing cores, on which a traffic management process is executing, is identified. The assigned IP address is modified based on the identified processing core. The modified IP address is sent to the client in response to the received address request. With this technology, connections associated with a same subscriber can advantageously be disaggregated to the same traffic management process.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: September 29, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Saxon Amdahl, Gennady Dosovitsky
  • Patent number: 10721269
    Abstract: Client requests for server resources are received by a network traffic management device (NTMD). The NTMD initially responds to the client requests on behalf of the associated servers. The initial responses include client side language scripts for execution by the clients. Executing the scripts causes the clients to resend their initial requests identified as a potential attack by the NTMD along with information indicating the client's legitimacy, such as the result of a computational JavaScript challenge. The NTMD receives the resent initial request, determines it was sent from a legitimate requestor and is therefore not an attack, and forwards it to the associated server.
    Type: Grant
    Filed: November 6, 2009
    Date of Patent: July 21, 2020
    Assignee: F5 NETWORKS, INC.
    Inventors: Ron Talmor, Nir Shahaf, Orna Zackaria
  • Patent number: 10708393
    Abstract: Embodiments are directed to stateless communication using a stateful protocol. One or more NTMAs may establish a connection with a client computer based on data exchanged with the client computer using the stateful protocol. The exchanged data may include validation information provided by the one or more NTMAs. The exchanged data and other information associated with the connection may be discarded from one or more memories of the one or more NTMAs. A network packet communicated over the network using the stateful protocol may be obtained. Verification information and candidate validation information may be generated based on one or more characteristics of the network packet. The network packet may be validated based on a comparison of the verification information and the candidate validation information. A reply that adheres to the stateful protocol may be provided to the client computer based on the validated network packet.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: July 7, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Peter Michael Thornewell, John Francis Tavares, Robert Andrew Kovalchik
  • Patent number: 10659368
    Abstract: Embodiments are directed towards managing communication over a network with a traffic management computer (TMC). If a network protocol associated with a network traffic is unknown, additional actions may be performed. Constant value recognition actions may be selected for one or more complex protocols. The one or more complex protocols may be the Teredo protocol, or another tunneling protocol. If constant value recognition conditions may be satisfied still further actions may be performed to determine the complex protocol. If a sufficient number of the action results are affirmative, one or more operations on the network traffic may be performed based on the complex protocol. And, the network traffic may be sent to a client or a server. Performing the operations on the network traffic may include providing an identity of another network protocol that may be encapsulated in the complex protocol.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: May 19, 2020
    Assignee: F5 Networks, Inc.
    Inventor: Mark Ernest Quevedo
  • Patent number: 10601872
    Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with enhancing enforcement on compliance based on security violations includes obtaining security violation data associated with a plurality of enrolled mobile devices and identifying one or more of the plurality of enrolled mobile devices causing one or more security violations based on the obtained security violation data. One or more compliance policies are updated based on the obtained security violation data. A compliance check is performed on the identified one or more enrolled mobile devices causing the one or more security violations based on the updated one or more policies and initiating one or more compliance correction actions on the identified one or more enrolled mobile devices causing the one or more security violations.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: March 24, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 10594657
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that provide parameterized sub-policy evaluation for fine grain access control implemented by determining when there is a result for one of the plurality of sub-policies being evaluated for a received request for a resource during a session. The result for evaluation of the one of the plurality of sub-policies for the received request is used when the determination indicates the result is stored for the session. The one of the plurality of sub-policies is executed on the received request to obtain the result when the determination indicates the result is not stored for the session. The result for the one of the plurality of sub-policies from this execution is stored for the session.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: March 17, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Vinod Pisharody, James Hu, Wui Chung Lie, Bipin Kumar
  • Patent number: 10581902
    Abstract: A method, non-transitory computer readable medium, security management apparatus, and network traffic management system that monitors received HTTP requests associated with a source IP address to obtain data for one or more signals. A value for one or more bins corresponding to one or more of the signals for individual behavioral histograms and a global behavioral histogram is updated based on the signal data. The individual behavioral histograms each correspond to one of the source IP addresses. A determination is made when a DDoS attack condition is detected. When the determining indicates that the DDoS attack condition is detected, an attack pattern is identified in the global behavioral histogram and a mitigation action is initiated for one of the source IP addresses based on a correlation of one of the individual behavioral histograms, which corresponds to the one of the source IP addresses, to the attack pattern.
    Type: Grant
    Filed: October 18, 2016
    Date of Patent: March 3, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Vadim Krishtal, Peter Finkelshtein, Oran Baruch
  • Patent number: 10567492
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems performing load balancing in a federated identity environment. An enhanced identity service provider server receives a redirected user authentication from a client device. Upon successfully authenticating the user of the client device a token is generated. Further another service provider server is selected based on a comparison of one or more network parameters and the client device is redirected with the token to the another selected service provider server. Based on a validation of the token the client device accesses applications protected by the selected another service provider server.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: February 18, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 10530758
    Abstract: Embodiments are directed towards managing name service communications. A name service device may be arranged to employ a hardware domain name service (DNS) processor to receive a name service query. The hardware DNS processor may perform operations on the name service query. If operations performed by the hardware DNS processor do not resolve the name service query, further operations may be performed. The name service device may be arranged to provide a name service reply that includes the answer to the name service query. And, the name service device may be arranged to send the name service reply back to the hardware DNS processor. Accordingly, the hardware DNS processor on the name service device may send the name service reply that includes at least an answer to the name service query to the requesting computers.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: January 7, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Paul Imre Szabo, Christopher Ryan Baker, Lisa M. Golden, Robert Andrew Kovalchik, Amit Fridman, Alan Brian Mimms, Itai Druckmann
  • Patent number: 10506072
    Abstract: Passing a reference to a first socket from a first process to a second process within a computing environment includes opening, by the first process, a second socket within the computing environment. The second socket is represented by a file in a first file system of the first process. The first process transmits a reference to the first socket to the second socket. A second file system of the second process is mapped to include the file representing the second socket. The second process reads the reference to the first socket from the file representing the second socket mapped to the second file system. The second process references the first socket using the reference to the first socket read from the file.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: December 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Igor Sysoev, Valentin Bartenev, Nikolay Shadrin, Maxim Romanov
  • Patent number: RE48382
    Abstract: A method and system for improving the security and control of internet/network web application processes, such as web applications. The invention enables validation of requests from web clients before the request reaches a web application server. Incoming web client requests are compared to an application model that may include an allowed navigation path within an underlying web application. Requests inconsistent with the application model are blocked before reaching the application server. The invention may also verify that application state data sent to application servers has not been inappropriately modified. Furthermore, the invention enables application models to be automatically generated by employing, for example, a web crawler to probe target applications. Once a preliminary application model is generated it can be operated in a training mode. An administrator may tune the application model by adding a request that was incorrectly marked as non-compliant to the application model.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: January 5, 2021
    Assignee: F5 Networks, Inc.
    Inventor: David Mowshowitz