Abstract: Methods and systems for performing one or more path selection processes that determine connection conditions and send the data via established, multi-path, connections are described herein. The one or more path selection processes may be performed in a remote computing environment where the established, multi-path, connections are between two endpoint devices and are available to communicate data for a remote application and/or a remote desktop. Based on the one or more path selection processes, data for the remote application and/or the remote desktop may be sent via a connection that differs from connection assignments that were configured when the connections were initially established. Additionally, as part of the one or more path selection processes, routing information that indicates a routing path may be inserted into data sent via the connections. An intermediary device may be caused to route the data according to the routing path indicated by the routing information.

Abstract: A computing system may receive a request to access a resource from a first device. The computing system may generate a token corresponding to a connection between the first device and a gateway. The computing system updates the token based on information corresponding to a second device hosting the resource. The computing system may establish a connection between the second device and the gateway. The computing system may identify a disconnect between the first device and the gateway. The computing system may maintain a persistent connection between the second device and the gateway. The computing system may use the token to reestablish a connection between the first device and the gateway. The computing system may resume a connection between the second device and the gateway, providing a reconnect between the first device and the second device.

Abstract: Methods and systems for in session packet adjustment are described. A computing system may establish, between a client device and a server, a packet transport session. The computing system may detect, during the packet transport session, that a threshold number of packets have failed to successfully transmit between the client device and the server, where a size each of the failed packets exceeds a predetermined size, and where the packets are transmitted according to a first MTU. The computing system may identify, during the packet transport session and based on a largest packet that successfully travelled between the client device and the server, a second MTU, smaller than the first MTU. The computing system may resize, during the packet transport session, further packets according to the second MTU. The computing system may transmit, during the packet transport session, the further packets between the client device and the server.

Abstract: The present solution provides systems and methods for providing remote access and packet retransmission via third party networks. A device can receive a client request to establish a session with a virtual server. The client and the virtual server can communicate using a presentation services protocol over a lower-level protocol. The device can select a node on a network to use for the session between the client and the virtual server. The device can cause an installation of one or more network stacks on the node, the one or more network stacks configured to communicate with the client and the virtual server using the presentation services protocol over the lower-level protocol and to handle retransmissions of packets between the client, the node, and virtual servers. The device can cause each of the client and the virtual server to establish the session via the node.

Abstract: Methods and systems for performing one or more path selection processes that determine connection conditions and send the data via established, multi-path, connections are described herein. The one or more path selection processes may be performed in a remote computing environment where the established, multi-path, connections are between two endpoint devices and are available to communicate data for a remote application and/or a remote desktop. Based on the one or more path selection processes, data for the remote application and/or the remote desktop may be sent via a connection that differs from connection assignments that were configured when the connections were initially established. Additionally, as part of the one or more path selection processes, routing information that indicates a routing path may be inserted into data sent via the connections. An intermediary device may be caused to route the data according to the routing path indicated by the routing information.

Abstract: A computing device includes a memory and a processor configured to receive credentials stored on a client device for a website responsive to the client device initiating a launch of the website through a first browser at the client device. The processor runs a second browser to launch the website for display at the client device using the received credentials and some state information is synchronized between them for the duration of the session. The second browser isolates the website from access to other data of the client device.

Abstract: A computing device includes a memory and a processor configured to receive credentials stored on a client device for a website responsive to the client device initiating a launch of the website through a first browser at the client device. The processor runs a second browser to launch the website for display at the client device using the received credentials and some state information is synchronized between them for the duration of the session. The second browser isolates the website from access to other data of the client device.

Abstract: Example methods are provided for secure communication protocol processing in a network environment. The method may comprise, in response to detecting a first transport protocol packet that is addressed from a first endpoint to a second endpoint and includes unencrypted payload data and a first sequence number, generating and sending a first secure communication protocol packet that includes encrypted payload data and a second sequence number. The method may also comprise, in response detecting a second transport protocol packet that includes the first sequence number, determining that the second transport protocol packet is a retransmission of the first transport protocol packet. The method may further comprise generating and sending a second secure communication protocol packet that includes the second sequence number associated with the first sequence number.

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

Abstract: In one embodiment, there is provided a device implementing a leecher peer, the device including a processor to request a list of seeder peers from a tracker, receive the list, select a first seeder peer from the list from which to download at least part of a content item, start downloading the at least part of the content item from the first seeder peer, receive a message from the first seeder peer indicating a deterioration in an upload flow characteristic of the first seeder peer, in response to receiving the message, request an updated list of seeder peers, receive the updated list, select a second one of the seeder peers from the updated list from which to download another part of the content item, cease downloading the content item from the first seeder peer, and start downloading the other part of the content item from the second seeder peer.

Abstract: Example methods are provided for secure communication protocol processing in a network environment. The method may comprise, in response to detecting a first transport protocol packet that is addressed from a first endpoint to a second endpoint and includes unencrypted payload data and a first sequence number, generating and sending a first secure communication protocol packet that includes encrypted payload data and a second sequence number. The method may also comprise, in response detecting a second transport protocol packet that includes the first sequence number, determining that the second transport protocol packet is a retransmission of the first transport protocol packet. The method may further comprise generating and sending a second secure communication protocol packet that includes the second sequence number associated with the first sequence number.

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

Abstract: A method of leveraging security-as-a-service for cloud-based file sharing includes receiving, at a cloud-based file sharing server external to an enterprise network and having connectivity to the enterprise network, instructions from an enterprise network to validate a file uploaded by a first user associated with the enterprise network before allowing the file to be downloaded. The file sharing server may then receive the file from the first user and forward the file to a cloud-based security-as-a-service (SECaaS) server that is also external to the enterprise network and has connectivity to the enterprise network. The file sharing server receives a determination of validation from the cloud-based SECaaS server and allows a second user to download the file based on the determination. To make the determination, the SECaaS server retrieves cryptographic keying material from a cloud-based key management server, and decrypts the file.

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

Abstract: In one implementation, an endpoint or client device sends a control message into a network to control how a subsequent flow from the endpoint is handled by one or more nodes in the network. A node in the network receives the control message including an encapsulated command and a counter value and modifies the counter value. The node compares the modified counter value to a predetermined limit. When the modified counter value is equal to the predetermined limit, the control message is designated for execution of the encapsulated command. When the modified counter value exceeds the predetermined limit, the control message is forwarded to a subsequent node.

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

Abstract: In one implementation, a network device is configured to monitor communications associated with an endpoint and identify domain name service messages in the communications. Subsequently, the network device receives a hypertext transfer protocol (HTTP) request and determines whether a destination internet protocol (IP) address of the HTTP request is present in or absent from the domain name service messages. When the IP address is absent from the domain name service messages, the HTTP request is modified to trigger increased security.

Abstract: A proxy device intercepts a client transport layer security message including a server name indicator from a client device. The first client transport layer security message is addressed to a server. The proxy device generates a second client transport layer security message including the server name indicator from the first client transport layer security message and sends the second client transport layer security message to the server. The proxy device receives a certificate from the server, validates its identity, and performs policy functions based on that identity.

Abstract: In one embodiment, A tracker computer receives from a first device in a peer-to-peer network that the first device has content for serving. A content request for the content is received from a second device in the peer-to-peer network. The tracker computer routes the content from the first device to the second device through a server. The content routed through the server is inspected for malicious code.

Abstract: In one embodiment, first content is served by an application server to a client computer through an Internet service provider network. The first content includes a link to second content on a third-party server. A token request is sent from the third-party server to the application server in response to selection of the link by the client computer. A token is provided to the third-party server by the application server in response to the token request. The token is configured to authorize data flow at a bandwidth for the second content by the Internet service provider network to the client computer. The data flow is authorized based on an agreement for the bandwidth between an operator of the application server and an operator of the Internet service provider network.