Patents Assigned to SSH COMMUNICATIONS SECURITY
  • Patent number: 9602478
    Abstract: Methods and apparatuses for a computerized system are disclosed. A data processing device receives information from at least one source of log information in the computerized system and detects, based at least in part on said received log information, at least one security protocol related event at a first host device, the at least one security protocol related event being initiated by a second host device. Information is then stored for determination of a trust relationship record based on the detected at least one security protocol related event and information of the second host device.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: March 21, 2017
    Assignee: SSH Communications Security OYJ
    Inventors: Tommi Linnakangas, Marko Teiste, Antti Huima, Tatu J. Ylonen
  • Patent number: 9538376
    Abstract: Methods and apparatuses for authenticating data communications are disclosed. In a method an intermediate node between a sender device and a receiver device obtains an authenticator associated with the sender device. The intermediate node authenticates the sender device such that the intermediate node acts as the receiver device towards the sender device. The intermediate node is then authenticated to the receiver device such that the intermediate node uses the authenticator associated with the sender device for the authentication to transparently intervene data communications from the sender device to the receiver device.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: January 3, 2017
    Assignee: SSH COMMUNICATIONS SECURITY OYJ
    Inventors: Sami Juhani Lehtinen, Tero Tapani Mononen, Toni Kaarlo Tapio Tammisalo
  • Patent number: 9531741
    Abstract: A method and apparatus for control of a computer system are disclosed. The computer system includes a terminal for operator based monitoring of the computer system. A monitoring device is provided to determine information about the state of the operator based monitoring. The information is communicated to a controller of the data security system. The controller then controls the data security system based at least in part on the information.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: December 27, 2016
    Assignee: SSH COMMUNICATIONS SECURITY OYJ
    Inventor: Kimmo Parviainen-Jalanko
  • Patent number: 9515999
    Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
    Type: Grant
    Filed: December 21, 2012
    Date of Patent: December 6, 2016
    Assignee: SSH Communications Security OYJ
    Inventor: Tatu J. Ylonen
  • Patent number: 9413720
    Abstract: Processing of packets in a stream of packets where the packets are assigned with sequence numbers is disclosed. Packets are distributed into at least two analysis windows based on predetermined N lowest bits of the sequence numbers, wherein an analysis window includes M lowest bits of the sequence numbers, M being an integer greater than N. N+1 to M lowest bits of the sequence numbers are analyzed in at least one of the analysis windows while ignoring the N lowest bits to determine the ordering of the packets. A packet is determined as suspicious in response to the analysis indicating the packet being in an incorrect position.
    Type: Grant
    Filed: April 7, 2015
    Date of Patent: August 9, 2016
    Assignee: SSH Communications Security OYJ
    Inventors: Kimmo Parviainen-Jalanko, Petri Helenius
  • Publication number: 20160183087
    Abstract: Methods and apparatuses for authenticating data communications are disclosed. In a method an intermediate node between a sender device and a receiver device obtains an authenticator associated with the sender device. The intermediate node authenticates the sender device such that the intermediate node acts as the receiver device towards the sender device. The intermediate node is then authenticated to the receiver device such that the intermediate node uses the authenticator associated with the sender device for the authentication to transparently intervene data communications from the sender device to the receiver device.
    Type: Application
    Filed: December 23, 2014
    Publication date: June 23, 2016
    Applicant: SSH COMMUNICATIONS SECURITY
    Inventors: Sami Juhani Lehtinen, Tero Tapani Mononen, Toni Kaarlo Tapio Tammisalo
  • Patent number: 9319396
    Abstract: Methods and apparatuses for a computerized system are disclosed. A data processing device receives information from at least one source of log information in the computerized system and detects, based at least in part on said received log information, at least one security protocol related event at a first host device, the at least one security protocol related event being initiated by a second host device. Information is then stored for determination of a trust relationship record based on the detected at least one security protocol related event and information of the second host device.
    Type: Grant
    Filed: July 7, 2014
    Date of Patent: April 19, 2016
    Assignee: SSH Communications Security OYJ
    Inventors: Tommi Linnakangas, Marko Teiste, Antti Huima, Tatu J. Ylonen
  • Publication number: 20150222604
    Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
    Type: Application
    Filed: December 21, 2012
    Publication date: August 6, 2015
    Applicant: SSH COMMUNICATIONS SECURITY OYJ
    Inventor: Tatu J. Ylonen
  • Patent number: 9071578
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration that sets up and maintains communication connections through the use of Network Address Translation. The configuration includes communicating, by a device, packets from and/or to another device, in which the communication involves a network address translation, and maintaining the network address translation by transmitting, by the device, packets using the network address translation frequently enough to prevent any intermediate device from deleting a mapping for the network address translation from a cache of the intermediate device.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: June 30, 2015
    Assignee: SSH COMMUNICATIONS SECURITY OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8973127
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes receiving, by a computer device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol.
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: March 3, 2015
    Assignee: SSH Communications Security Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8973126
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes receiving, by a computer device, a packet comprising a predetermined value indicating support by a node for an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation, and in response to said receiving, determining that the node sending the packet supports the extension of the communications protocol.
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: March 3, 2015
    Assignee: SSH Communications Security OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8918858
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communications through network address translation. The configuration includes transmitting, by a first computer device, a packet that includes a predetermined value indicating that the first computer device supports an extension of a communications protocol, wherein the communications protocol is used for communications across a network translator device and the extension is capable of traversing network address translation.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: December 23, 2014
    Assignee: SSH Communications Security OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8914872
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for revealing occurrence of network address translation by receiving a packet that includes an encoding of a source port number and then determining whether a network address translation occurred on the packet by comparing the source port number against a predetermined port number.
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: December 16, 2014
    Assignee: SSH Communications Security Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8914873
    Abstract: A method, apparatus, and computer-readable media are presented that provide a configuration for communicating by a computer device with another computer device wherein network address translation that translates address information in packet headers can occur between the computer devices, and revealing, by the computer device to the other computer device, address information as seen by the computer device on its side of the network address translation, by including in a payload of a packet transmitted to the other computer device, an encoding of the address information as seen by the computer device.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: December 16, 2014
    Assignee: SSH Communications Security OYJ
    Inventors: Tero Kivinen, Tatu Ylonen
  • Publication number: 20130191631
    Abstract: SSH sessions and other protocol sessions (e.g., RDP) may be audited using an interceptor embedded within an SSH server or other protocol server. Operations performed over an SSH connection may be controlled, including controlling what files are transferred.
    Type: Application
    Filed: January 24, 2013
    Publication date: July 25, 2013
    Applicant: SSH COMMUNICATIONS SECURITY CORP
    Inventors: Tatu J. Ylonen, Samuel Douglas Lavitt
  • Publication number: 20130191630
    Abstract: Use of one or more computer systems may be audited by performing a man-in-the-middle attack against a cryptographic protocol (e.g., SSH) at one or more interceptors, transmitting audit data to a centralized audit server. Operations performed using the encrypted connection may be controlled and restricted.
    Type: Application
    Filed: January 24, 2013
    Publication date: July 25, 2013
    Applicant: SSH COMMUNICATIONS SECURITY CORP
    Inventors: Tatu J. Ylonen, Samuel Douglas Lavitt
  • Publication number: 20130191627
    Abstract: Encrypted SFTP file transfers and other encrypted file transfers may be audited and what files can be transferred may be controlled at a firewall or other gateway. Transferred files may be subjected to data loss prevention analysis and/or virus checks.
    Type: Application
    Filed: January 24, 2013
    Publication date: July 25, 2013
    Applicant: SSH COMMUNICATIONS SECURITY CORP
    Inventor: SSH Communications Security Corp
  • Publication number: 20130117554
    Abstract: Management of user keys for public key authentication using the SSH in large SSH deployments is automated by deploying a management system in the environment, discovering SSH identity keys and authorized keys, analyzing authorized connections between user accounts, and automatically managing the authorized connections and the key pairs used for authentication.
    Type: Application
    Filed: December 21, 2012
    Publication date: May 9, 2013
    Applicant: SSH COMMUNICATIONS SECURITY CORP
    Inventor: SSH Communications Security Corp
  • Publication number: 20100138649
    Abstract: A method, device, system and computer program for providing a transport distribution scheme for a security protocol are disclosed. A first packet data connection is established to a remote node for transmitting packet data over a network with a security protocol. An authentication procedure is performed with the remote node via the first packet data connection for establishing a security protocol session with the remote node. At least one security parameter is negotiated with the remote node for transmitting packets through the first packet data connection. A second packet data connection is established to the remote node, and at least one security parameter is negotiated with the remote node for use with the second packet data connection. The first and second packet data connections are handled as packet data subconnections associated with the security protocol session.
    Type: Application
    Filed: January 8, 2010
    Publication date: June 3, 2010
    Applicant: SSH COMMUNICATIONS SECURITY CORP.
    Inventors: Markku Tapio Rossi, Timo Johannes Rinne
  • Publication number: 20100138560
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Application
    Filed: January 8, 2010
    Publication date: June 3, 2010
    Applicant: SSH COMMUNICATIONS SECURITY LTD.
    Inventors: Tero Kivinen, Tatu Ylonen