Abstract: Systems, methods, and software described herein manage server connection resets based on domain name server (DNS) information. In one implementation, a firewall may receive a reverse DNS request from a computing system and communicate a request to a DNS security service to determine whether a destination associated with the reverse DNS request is malicious. The firewall further receives a response from the DNS security service that indicates that the destination is malicious and, when the response indicates that the destination is malicious, communicates a reset command to the destination to reset a connection between the destination and the computing system.

Abstract: The technology disclosed herein enables detection of domain hijacking when a DNS resolver is performing a DNS lookup. In a particular embodiment, a method provides receiving a DNS request from a requesting computing system. The DNS request includes a domain name for which the requesting computing system is requesting resolution of a network address associated with the domain name in the DNS. The method further provides, in response to receiving the DNS request, identifying a nameserver, via a root nameserver of the DNS, to handle the DNS request and determining the nameserver is not a proper nameserver for the domain name specifically. The proper nameserver is defined by nameserver criteria generated specifically for the domain name. The method also provides preventing the nameserver from being used to resolve the DNS request in response to determining that the nameserver is not a proper nameserver for the domain name.

Abstract: Systems, methods, and software described herein manage server connection resets based on domain name server (DNS) information. In one implementation, a firewall may receive a reverse DNS request from a computing system and communicate a request to a DNS security service to determine whether a destination associated with the reverse DNS request is malicious. The firewall further receives a response from the DNS security service that indicates that the destination is malicious and, when the response indicates that the destination is malicious, communicates a reset command to the destination to reset a connection between the destination and the computing system.

Abstract: The technology disclosed herein enables detection of domain hijacking when a DNS resolver is performing a DNS lookup. In a particular embodiment, a method provides, in response to a request to resolve a network address corresponding to a domain name, determining that a nameserver for the domain name is suspect based on satisfaction of nameserver criteria associated with the domain name. The method further includes preventing the nameserver from being used to resolve the request in response to determining that the nameserver is suspect.

Abstract: Methods, systems, and computer readable mediums for securely establishing credential data for a computing device are disclosed. According to one example, a method includes assigning, by a credential manager, credential set data to a computing device and mapping the credential set data to a device identifier key associated with the computing device in a credential data store accessible by the credential manager. The method further includes receiving, from a provisioning service client, a credential set request message including the device identifier key by the credential manager in response to an activation of the computing device at a customer location site and sending, by the credential manager to the provisioning service client, the credential set data for authenticating the computing device at the customer location site.

Abstract: Systems, methods, and software described herein manage server connection resets based on domain name server (DNS) information. In one implementation, a firewall may receive a reverse DNS request from a computing system and communicate a request to a DNS security service to determine whether a destination associated with the reverse DNS request is malicious. The firewall further receives a response from the DNS security service that indicates that the destination is malicious and, when the response indicates that the destination is malicious, communicates a reset command to the destination to reset a connection between the destination and the computing system.

Abstract: The technology disclosed herein enables detection of domain hijacking when a DNS resolver is performing a DNS lookup. In a particular embodiment, a method provides, in response to a request to resolve a network address corresponding to a domain name, determining that a nameserver for the domain name is suspect based on satisfaction of nameserver criteria associated with the domain name. The method further includes preventing the nameserver from being used to resolve the request in response to determining that the nameserver is suspect.

Abstract: Methods, systems, and computer readable mediums for securely establishing credential data for a computing device are disclosed. According to one example, a method includes assigning, by a credential manager, credential set data to a computing device and mapping the credential set data to a device identifier key associated with the computing device in a credential data store accessible by the credential manager. The method further includes receiving, from a provisioning service client, a credential set request message including the device identifier key by the credential manager in response to an activation of the computing device at a customer location site and sending, by the credential manager to the provisioning service client, the credential set data for authenticating the computing device at the customer location site.

Abstract: Methods, systems, and computer readable mediums for securely establishing credential data for a computing device are disclosed. According to one example, a method includes assigning, by a credential manager, credential set data to a computing device and mapping the credential set data to a device identifier key associated with the computing device in a credential data store accessible by the credential manager. The method further includes receiving, from a provisioning service client, a credential set request message including the device identifier key by the credential manager in response to an activation of the computing device at a customer location site and sending, by the credential manager to the provisioning service client, the credential set data for authenticating the computing device at the customer location site.

Abstract: Methods, systems, and computer readable mediums for providing supply chain validation are disclosed. According to one exemplary embodiment, a method for validating a computing system comprises receiving, from a source entity and via an out of band delivery, validation information for validating the computing system, wherein the validation information is derived from one or more components of the computing system. The method also includes determining, using the validation information and reference information associated with the computing system, whether a configuration of the computing system has been modified and, in response to determining that the configuration of the computing system has been modified, generating information about a system modification.

Abstract: Methods, systems, and computer readable mediums for providing supply chain validation are disclosed. According to one exemplary embodiment, a method for validating a computing system comprises receiving, from a source entity and via an out of band delivery, validation information for validating the computing system, wherein the validation information is derived from one or more components of the computing system. The method also includes determining, using the validation information and reference information associated with the computing system, whether a configuration of the computing system has been modified and, in response to determining that the configuration of the computing system has been modified, generating information about a system modification.

Abstract: The present invention provides a network architecture. An embodiment includes a plurality of nodes interconnected by links. Each node can maintain knowledge of other nodes in a database. The database contains a list of other nodes in the network, and a ‘next-best-step’ for each of those other nodes, pointing to a neighbouring node that is the next best step to that other node. Where a particular node of the network is not in the list, then the next-best-step is assumed to be the next-best-step most commonly identified in the database. Such a network will form a “core” wherein any node in the network can find any other node in the network by first seeking out that other node at the core. Once the nodes locate each other via the core, a more optimum route forms in the network according to the most desirable path between those nodes.