Patents Examined by Vance M Little
  • Patent number: 11310256
    Abstract: Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic of the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: April 19, 2022
    Assignee: ExtraHop Networks, Inc.
    Inventors: Benjamin Thomas Higgins, Jeff James Costlow, John Gemignani, Jr., Michael Kerber Krause Montague, Eric James Rongo, Xue Jun Wu
  • Patent number: 11303672
    Abstract: An example system includes a processor to receive a current session and previous sessions associated with an account. The processor can split the current session and the previous sessions into action windows. The processor can calculate a window similarity score for each action window of the current session using a pair-wise comparison with action windows of each of the previous sessions. The processor can aggregate the window similarity scores to generate a replay likelihood score for the current session with respect to each of the previous sessions. The processor can classify the current session as a replay attack in response to detecting that a replay likelihood score of the current session exceeds a threshold.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: April 12, 2022
    Assignee: International Business Machines Corporation
    Inventors: Andrey Finkelshtein, Itay Hazan
  • Patent number: 11301512
    Abstract: A content management device includes: a storage that stores (a) a content generated by imaging performed by a first terminal that is at least one of a plurality of terminals, (b) a time at which the imaging of the content was performed, and (c) a history indicating whether each of one or more terminals among the plurality of terminals excluding a second terminal received, during a period that includes the time at which the imaging was performed, a beacon signal transmitted from the second terminal by radio waves, the second terminal being at least one of the plurality of terminals; and a manager that manages the content as a permissible content that is permitted to be presented by the plurality of terminals when determining, with reference to the storage, that each of the one or more terminals received the beacon signal during the period.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: April 12, 2022
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Hiroshi Yahata, Seigo Takahashi
  • Patent number: 11297071
    Abstract: In an industrial system, a data capture apparatus can be configured to operate as a unidirectional communication connection between a private network and a public network. The data capture apparatus can be further configured to time stamp data, for instance digitally sign data with a time stamp, so as to ensure data integrity over the unidirectional communication connection, while maintaining physical isolation between the private network and public network.
    Type: Grant
    Filed: May 12, 2020
    Date of Patent: April 5, 2022
    Assignee: Siemens Mobility GmbH
    Inventors: Omer Metel, Leandro Pfleger de Aguiar, David Hingos, Safia Rahmat
  • Patent number: 11277381
    Abstract: A method for controlling the transfer of data through a firewall. The method includes one or more computer processors establishing a first communication channel between a first server and a second server. The method further includes transmitting, via the first communication channel, information related to a pending transmission of data from the first server to the second server. The method further includes receiving from the second server, via the first communication channel, a set of security information associated with accessing the second server via a second communication channel. The method further includes establishing the second communication channel between the first server and the second server based on the set of security information received from the second server. The method further includes transmitting the data from the first server to the second server utilizing the established second communication channel.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: March 15, 2022
    Assignee: KYNDRYL, INC.
    Inventors: Pramod Vadayadiyil Raveendran, Seema Nagar, Sougata Mukherjea, Kuntal Dey
  • Patent number: 11271974
    Abstract: A device may include a communication component that may communicatively couple to a first network. The device may also include a processor that may transmit a first signal via the communication component to a network address translation (NAT) system, the first signal including a first request to discover a server device. The NAT system may communicatively couple to the first network and a second network, such that the first network is inaccessible to the second network. The processor may then receive location data associated with the server device and transmit a second signal addressed to the server device based on the location data. The second signal is transmitted to the NAT system, such that the second signal may include a second request for a security policy from the server device. The processor may then receive the security policy via the NAT system and adjust one or more communication operations based on the security policy.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: March 8, 2022
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Jack M. Visoky, David E. Huffman, Taryl J. Jasper
  • Patent number: 11256820
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for enabling blockchain-based service of process. One method includes: receiving a request generated based on a blockchain-based application for delivering a notice associated with a legal action from a serving party to another party. The serving party is determined to be a registered user of the blockchain-based application. A time that the request is received is recorded on the blockchain. If the party to be served is determined to be a registered user of the blockchain-based application, identifying one or more manners of delivering the notice based on available communication methods included in the registration information of the serving party and registration information of the party to be served. The notice to the party to be served is determined based on at least one of the one or more manners.
    Type: Grant
    Filed: July 12, 2021
    Date of Patent: February 22, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Zhiguo Li
  • Patent number: 11258762
    Abstract: A method at a system including a firewall and at least one application, the method including obtaining, at the at least one application, a new address for a service provider for the at least one application; triggering a firewall update; obtaining a new firewall configuration; and updating the firewall, wherein the updating the firewall allows a connection from the at least one application to the new address for the service provider.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: February 22, 2022
    Assignee: BlackBerry Limited
    Inventors: Michaela Vanderveen, Stephen John Barrett
  • Patent number: 11233819
    Abstract: Embodiments of the present disclosure provide a method and apparatus for analyzing a cyber attack. A method may include: acquiring a web log of a server; detecting whether a hypertext transfer protocol request in the web log is offensive, to obtain a detection result of the hypertext transfer protocol request, and storing the hypertext transfer protocol request, the detection result of the hypertext transfer protocol request, and extracted data portion correspondingly.
    Type: Grant
    Filed: September 5, 2019
    Date of Patent: January 25, 2022
    Assignee: Beijing Baidu Netcom Science and Technology Co., Ltd.
    Inventor: Jinjin Li
  • Patent number: 11233790
    Abstract: A method is provided for verifying an authentication request to a computer network. The method may include receiving a network packet and extracting an authentication request from the network packet. The authentication request may be encrypted to store attribute-value pairs, and the method may further include decrypting the authentication request to access the attribute-value pairs. The method may also include extracting a target name and a device name from the attribute-value pairs, wherein the device name indicates an identified target device, and determining whether the target name refers to the identified target device identified by the device name.
    Type: Grant
    Filed: February 19, 2020
    Date of Patent: January 25, 2022
    Assignee: Crowd Strike, Inc.
    Inventors: Yaron Zinar, Marina Simakov, Avraham Kama
  • Patent number: 11226860
    Abstract: A method includes receiving a set of difference lists from a set of storage units of the DSN, where the set of storage units store a plurality of sets of encoded data slices, wherein a first difference list identifies first encoded data slices that have first indicators that are different than corresponding first indicators of the first encoded data slices included in a shared common list. The method continues by determining, for a set of encoded data slices of the plurality of sets of encoded data slices, whether a storage inconsistency exists based on one or more indicators associated with the encoded data slice included in the set of difference lists. When the storage inconsistency exists, the method continues by flagging for rebuilding encoded data slices of the set of encoded data slices associated with the storage inconsistency.
    Type: Grant
    Filed: July 22, 2019
    Date of Patent: January 18, 2022
    Assignee: PURE STORAGE, INC.
    Inventors: Andrew D. Baptist, Ravi V. Khadiwala, Jason K. Resch
  • Patent number: 11223616
    Abstract: An onboarding server uses an ultrasound token to securely onboard a new device to an organizational structure. The onboarding server obtains a registration from the new device and provides the new device with an ultrasound token. The onboarding server also obtains a notification from a user device that detected the ultrasound token broadcast from the new device. The onboarding server determines a device identity for the new device and provides cryptographic information to the new device. The cryptographic information enables the new device to connect to an organizational structure with the device identity.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: January 11, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Nicolai Grødum, Bjørn Kristian Nordlund, Magnus Aaen Holst
  • Patent number: 11218445
    Abstract: A web application firewall (WAF) receives an application request from a router, wherein the application request is directed to a web application, and wherein the web application firewall is associated with the web application. The WAF updates the application request to include a first header, wherein the first header includes a copy of a uniform resource locator of the application request, and updates the uniform resource locator to indicate an address of the web application firewall. The WAF analyzes the application request to determine whether the application request is secure, wherein the analysis is based on a rule, and in response to a determination that the application request is secure, updates the application request to include a second header, wherein the second header includes an encrypted signature.
    Type: Grant
    Filed: July 29, 2019
    Date of Patent: January 4, 2022
    Assignee: Dell Products L.P.
    Inventors: Mark D. Owens, Frank DiRosa, Rene Herrero, Yongliang Li, Everton Schäfer
  • Patent number: 11216402
    Abstract: The storage comprises a first bridge, a second bridge that can be connected to the first bridge, a first storage device that can be connected to the first bridge, and second and third storage devices that can be connected to the second bridge. If a command that has been received from a main controller is a command not corresponding to the first storage device and an access destination of the main controller is the second bridge, a controller transmits a command corresponding to the received command to the second bridge. In contrast, if the command that has been received from the main controller is a command corresponding to the first storage device, the controller transmits the command corresponding to the received command to the second bridge or the first storage device.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: January 4, 2022
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Masahiro Takizawa
  • Patent number: 11216570
    Abstract: Techniques for reducing compromise of sensitive data in a virtual machine are described. During initiation of a secure string instance of a program module in memory allocated to the virtual machine, the program module can receive sensitive data in plaintext and retrieve parameters sourced from outside the allocated memory. During the execution of the program module, the sensitive data can be encrypted using a key based on the parameters to obtain encrypted data. The program module can overwrite the sensitive data with the encrypted data. The program module can receive a trigger to send a message that is generated using the sensitive data. The encrypted data can be decrypted using the key based on the parameters to obtain the sensitive data. After encryption and decryption, the program module can generate the message using the sensitive data and overwrite the sensitive data and the parameters used to encrypt the sensitive data.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: January 4, 2022
    Assignee: Visa International Service Association
    Inventors: Bartlomiej Prokop, James Donaldson, Peter Lennon
  • Patent number: 11210410
    Abstract: Serving data assets based on security policies is provided. A request to access an asset received from a user having a particular context is evaluated based on a set of asset access enforcement policies. An asset access policy enforcement decision is generated based on evaluating the request. It is determined whether the asset access policy enforcement decision is to transform particular data of the asset prior to allowing access. In response to determining that the asset access policy enforcement decision is to transform the particular data of the asset prior to allowing access, a transformation specification that includes an ordered subset of unit transformations for transforming the particular data of the asset is generated based on the particular context of the user and the set of asset access enforcement policies. A transformed asset is generated by applying the transformation specification to the asset transforming the particular data of the asset.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: December 28, 2021
    Assignee: International Business Machines Corporation
    Inventors: Roger C. Raphael, Hani Talal Jamjoom, Rajesh M. Desai, Iun Veng Leong, Uttama Shakya, Arjun Natarajan
  • Patent number: 11205021
    Abstract: Techniques are disclosed relating to securing an accessory interface on a computing device. In various embodiments, a computing device detects a connection of an accessory device to an accessory interface port and, in response to the detected connection, evaluates a policy defining one or more criteria for restricting unauthorized access to the accessory interface port. Based on the evaluating, the computing device determines whether to disable the accessory interface port to prevent communication with the connected accessory device. In some embodiments, the computing device includes an interconnect coupled between the processor and the accessory interface port, and the interconnect includes a hub circuit configured to facilitate communication between a plurality of devices via the interconnect. In some embodiments, the computing device, in response to determining to disable the accessory interface port, instructs the hub circuit to prevent traffic from being conveyed from the accessory interface port.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: December 21, 2021
    Assignee: Apple Inc.
    Inventors: Loukas Kalenderidis, Ivan Krstic, Brian J. Dawbin, Filip Stoklas, Carmen A. Bovalino, III, Shyam S. Toprani, Christopher B. Zimmermann, Libor Sykora, Arnold S. Liu, Lucia E. Ballard
  • Patent number: 11206287
    Abstract: Technology related to evaluating cyber-risk for synchrophasor systems is disclosed. In one example of the disclosed technology, a method includes generating an event tree model of a timing-attack on a synchrophasor system architecture. The event tree model can be based on locations and types of timing-attacks, an attack likelihood, vulnerabilities and detectability along a scenario path, and consequences of the timing-attack. A cyber-risk score of the synchrophasor system architecture can be determined using the event tree model. The synchrophasor system architecture can be adapted in response to the cyber-risk score.
    Type: Grant
    Filed: January 29, 2019
    Date of Patent: December 21, 2021
    Assignee: Battelle Memorial Institute
    Inventors: Seemita Pal, Arun Veeramany, Christopher A. Bonebrake, Beverly E. Johnson, William James Hutton, III, Siddharth Sridhar, Sri Nikhil Gupta Gourisetti, Garill A. Coles
  • Patent number: 11196742
    Abstract: The present application discloses a method, device, and system for data transmission. The system includes a first terminal having an associated terminal ID and a server. At least one of the first terminal and the server establishes a channel between the first terminal and the server based at least in part on the terminal ID, the channel corresponding to a communication channel that is to be used by the first terminal and the server to communicate data. The terminal ID is used to authenticate the first terminal in connection with the channel being established between the first terminal and the server.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: December 7, 2021
    Assignee: BANMA ZHIXING NETWORK (HONGKONG) CO., LIMITED
    Inventors: Yanming Cai, Chunhui Zhang
  • Patent number: 11190503
    Abstract: Embodiments of this application provide a resource processing method, apparatus, and system, and a computer-readable medium.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: November 30, 2021
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Zhe Yuan