Patents by Inventor Wei (David) Wang

Wei (David) Wang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10230763
    Abstract: Methods and systems are provided for implementing application layer security. According to one embodiment, security rules applicable to end users of a private IP network and particular resources accessible within the network are maintained by a network appliance. A packet originated within the network is received by the network appliance. An application type associated with the packet is determined based on layer 7 information within the packet. Layer 7 information fields are extracted from the packet that are indicative of an identity of an end user associated with the packet. An SSO process is performed including receiving and authenticating credentials of the end user on behalf of multiple resources within the network based on the identity of the end user. One or more security rules are identified and applied to the packet based on the identity of the end user and the determined application type.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: March 12, 2019
    Assignee: Fortinet, Inc.
    Inventors: Michael Xie, Wei David Wang, Ihab Khalil
  • Patent number: 10104121
    Abstract: Methods and systems are provided for implementing application layer security. According to one embodiment, an application layer packet is received by a network appliance and one or more information fields, selected based on an application type associated with the packet, are used to identify an associated end user. Then, security rules that match the traffic pattern, traffic content and identified end user can be applied to the packet. Identification of end users based on application layer information allows different security rules to be implemented for end users or groups thereof. Application of security rules based on identification of an end user based on application layer information can also facilitate implementation of an application-layer-based single sign-on (SSO) process.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: October 16, 2018
    Assignee: Fortinet, Inc.
    Inventors: Michael Xie, Wei David Wang, Ihab Khalil
  • Patent number: 9917812
    Abstract: Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted packet from a first network appliance and buffers the encrypted packet in a buffer. An inspection module accesses the encrypted packet from the buffer, decrypts the encrypted packet to produce plain text and scans the plain text by the inspection module.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: March 13, 2018
    Assignee: Fortinet, Inc.
    Inventors: Wei David Wang, Junfeng Jia, Hongbin Lu
  • Patent number: 9917857
    Abstract: Methods and systems for improved attack context data logging are provided. According to one embodiment, prior to a logging event being triggered (i) it is determined by a network security device whether a received packet is potentially associated with a threat or undesired activity by analyzing the packet; (ii) when the determination is negative, the packet is stored within a circular buffer; and (iii) when the determination is affirmative, (a) the logging event is triggered, (b) pre-attack context information regarding the threat is captured by extracting information from packets within the circular buffer and (c) the pre-attack context information is stored within a log. After the logging event has been triggered and until information regarding a predefined quantity of packets has been logged, post-attack context information regarding the threat is captured by extracting information from subsequently received packets and the post-attack context information is stored within the log.
    Type: Grant
    Filed: March 18, 2017
    Date of Patent: March 13, 2018
    Assignee: Fortinet, Inc.
    Inventors: Wei David Wang, Dayong Zhou, Ihab Khalil
  • Publication number: 20170195355
    Abstract: Methods and systems for improved attack context data logging are provided. According to one embodiment, prior to a logging event being triggered (i) it is determined by a network security device whether a received packet is potentially associated with a threat or undesired activity by analyzing the packet; (ii) when the determination is negative, the packet is stored within a circular buffer; and (iii) when the determination is affirmative, (a) the logging event is triggered, (b) pre-attack context information regarding the threat is captured by extracting information from packets within the circular buffer and (c) the pre-attack context information is stored within a log. After the logging event has been triggered and until information regarding a predefined quantity of packets has been logged, post-attack context information regarding the threat is captured by extracting information from subsequently received packets and the post-attack context information is stored within the log.
    Type: Application
    Filed: March 18, 2017
    Publication date: July 6, 2017
    Applicant: Fortinet, Inc.
    Inventors: Wei David Wang, Dayong Zhou, Ihab Khalil
  • Patent number: 9686309
    Abstract: Methods and systems for improved attack context data logging are provided. According to one embodiment, configuration information is received from an administrator of a network security device. The configuration information includes information indicative of a quantity of packets to be captured for post attack analysis. Responsive to receipt of the configuration information, a size of a circular buffer is configured based thereon. Multiple packets directed to a network protected by the network security device are received from an external network. The received packets are temporarily buffered within the circular buffer. An analysis is performed to determine whether one of the received packets is potentially associated with a threat or undesired activity (“trigger packet”).
    Type: Grant
    Filed: March 3, 2015
    Date of Patent: June 20, 2017
    Assignee: Fortinet, Inc.
    Inventors: Wei David Wang, Dayong Zhou, Ihab Khalil
  • Publication number: 20170093796
    Abstract: Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted packet from a first network appliance and buffers the encrypted packet in a buffer. An inspection module accesses the encrypted packet from the buffer, decrypts the encrypted packet to produce plain text and scans the plain text by the inspection module.
    Type: Application
    Filed: December 19, 2016
    Publication date: March 30, 2017
    Applicant: Fortinet, Inc.
    Inventors: Wei David Wang, Junfeng Jia, Hongbin Lu
  • Patent number: 9602498
    Abstract: Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted raw packet from a first network appliance and buffers the encrypted raw packet in a buffer. An inspection module accesses the encrypted raw packet from the buffer, decrypts the encrypted raw packet to produce a plain text and scans the plain text by the inspection module.
    Type: Grant
    Filed: October 17, 2013
    Date of Patent: March 21, 2017
    Assignee: Fortinet, Inc.
    Inventors: Wei David Wang, Junfeng Jia, Hongbin Lu
  • Publication number: 20160197963
    Abstract: Methods and systems are provided for implementing application layer security. According to one embodiment, security rules applicable to end users of a private IP network and particular resources accessible within the network are maintained by a network appliance. A packet originated within the network is received by the network appliance. An application type associated with the packet is determined based on layer 7 information within the packet. Layer 7 information fields are extracted from the packet that are indicative of an identity of an end user associated with the packet. An SSO process is performed including receiving and authenticating credentials of the end user on behalf of multiple resources within the network based on the identity of the end user. One or more security rules are identified and applied to the packet based on the identity of the end user and the determined application type.
    Type: Application
    Filed: March 16, 2016
    Publication date: July 7, 2016
    Inventors: Michael Xie, Wei David Wang, Ihab Khalil
  • Publication number: 20150180887
    Abstract: Methods and systems for improved attack context data logging are provided. According to one embodiment, configuration information is received from an administrator of a network security device. The configuration information includes information indicative of a quantity of packets to be captured for post attack analysis. Responsive to receipt of the configuration information, a size of a circular buffer is configured based thereon. Multiple packets directed to a network protected by the network security device are received from an external network. The received packets are temporarily buffered within the circular buffer. An analysis is performed to determine whether one of the received packets is potentially associated with a threat or undesired activity (“trigger packet”).
    Type: Application
    Filed: March 3, 2015
    Publication date: June 25, 2015
    Applicant: Fortinet, Inc.
    Inventors: Wei David Wang, Dayong Zhou, Ihab Khalil
  • Publication number: 20150113264
    Abstract: Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted raw packet from a first network appliance and buffers the encrypted raw packet in a buffer. An inspection module accesses the encrypted raw packet from the buffer, decrypts the encrypted raw packet to produce a plain text and scans the plain text by the inspection module.
    Type: Application
    Filed: October 17, 2013
    Publication date: April 23, 2015
    Applicant: Fortinet, Inc.
    Inventors: Wei David Wang, Junfeng Jia, Hongbin Lu
  • Publication number: 20150033322
    Abstract: Methods and systems for improved attack context data logging are provided. According to one embodiment, configuration information is received by a firewall device from a network administrator. The configuration information includes a number (N) of packets to capture by the firewall device responsive to an event detected by the firewall device that is potentially indicative of a threat or undesired activity. Multiple packets are received by the firewall device. The firewall device applies an attack detection algorithm, including one or more of a set of intrusion detection signatures, a set of malware detection signatures and a set of security policies, to the received packets. Responsive to the firewall device determining that a trigger packet is associated with a potential threat or potential undesired activity, the firewall device causes information regarding N packets of the received packets, inclusive of the trigger packet, to be stored in a log.
    Type: Application
    Filed: January 14, 2014
    Publication date: January 29, 2015
    Applicant: Fortinet, Inc.
    Inventors: Wei David Wang, Dayong Zhou, Ihab Khalil
  • Publication number: 20150033336
    Abstract: Methods and systems are provided for improved attack context data logging. In one embodiment, additional context is provided for an attack by logging either a predetermined or configurable number or predetermined or configurable timeframe of packets before and optionally after detection of a packet associated with an attack. This additional context facilitates understanding of the attack and can help in connection with improving the implementation of signatures that are used to detect attacks and reducing false positives. In one aspect, the system is configured to assess multiple packets across one or more sessions and temporarily store each packet in a buffer having a configurable size such that once an attack is detected, a log can be generated based at least in part on packets present in the buffer. Then, the log can be analyzed so as to understand the context of the attack.
    Type: Application
    Filed: July 24, 2013
    Publication date: January 29, 2015
    Applicant: Fortinet, Inc.
    Inventors: Wei David Wang, Dayong Zhou, Ihab Khalil
  • Publication number: 20150012964
    Abstract: Methods and systems are provided for implementing application layer security. According to one embodiment, an application layer packet is received by a network appliance and one or more information fields, selected based on an application type associated with the packet, are used to identify an associated end user. Then, security rules that match the traffic pattern, traffic content and identified end user can be applied to the packet. Identification of end users based on application layer information allows different security rules to be implemented for end users or groups thereof. Application of security rules based on identification of an end user based on application layer information can also facilitate implementation of an application-layer-based single sign-on (SSO) process.
    Type: Application
    Filed: July 3, 2013
    Publication date: January 8, 2015
    Inventors: Michael Xie, Wei David Wang, Ihab Khalil
  • Patent number: 8564954
    Abstract: A thermally enhanced electronic package comprises a driver chip, an insulator, a flexible carrier, and carbon nanocapsules. The flexible carrier includes a flexible substrate, a wiring layer formed on the substrate, and a resistant overlaying the wiring layer. The driver chip is connected to the wiring layer. The insulator is filled in the gap between the driver chip and the flexible carrier. The carbon nanocapsules are disposed on the driver chip, on the resistant, on the flexible carrier, or in the insulator to enhance heat dissipation of electronic packages.
    Type: Grant
    Filed: November 18, 2010
    Date of Patent: October 22, 2013
    Assignee: Chipmos Technologies Inc.
    Inventors: Tzu Hsin Huang, Yu Ting Yang, Hung Hsin Liu, An Hong Liu, Geng Shin Shen, Wei David Wang, Shih Fu Lee
  • Patent number: 8478982
    Abstract: A media access control (MAC) security (MACsec) function block may implement MACsec protocols on a network. A physical layer device (PHY) may connect to the MACsec function block and an interface register configured to store command information for the MACsec function block. A central processing unit (CPU) may provide the command information for the MACsec function block to the PHY via a management data input/output (MDIO) bus. The PHY may execute either a read command or a write command against the MACsec function block based on the command information, receive, from the MACsec function block, a response corresponding to the execution of the read command or write command against the MACsec function block, and provide the response to the CPU via the MDIO bus.
    Type: Grant
    Filed: September 17, 2009
    Date of Patent: July 2, 2013
    Assignee: Broadcom Corporation
    Inventors: Wei (David) Wang, Daniel Tai
  • Patent number: 6368129
    Abstract: The present invention provides a dust-proof electrical connector. This connector includes an outer sleeve and an inner sleeve as a receiving end for connecting a corresponding connector. The inner sleeve contacts a first contact terminal disposed on the corresponding connector. A second contact terminal is pierced through the outer sleeve and inner sleeve, for forcing and contacting the first contact terminal when the inner sleeve is moved to a specific position relative to the outer sleeve.
    Type: Grant
    Filed: November 10, 2000
    Date of Patent: April 9, 2002
    Assignee: Delta Electronics, Inc.
    Inventors: Ta-Wei David Wang, Yu Chen Yu, Bay Shao Ru Su