Firewall Patents (Class 726/11)
  • Patent number: 9407605
    Abstract: Methods and apparatus for transferring packets in a packet switched communication system. A system is provided that includes an L2 device including a controller determining for each packet received whether the received packet is to be inspected, an inspection device operable to inspect and filter packets identified by the controller including using a zone specific policy and an L2 controller for transferring inspected packets in accordance with L2 header information using L2 protocols.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: August 2, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Yuming Mao, Roger Jia-Jyi Lian, Guangsong Huang, Lee Chik Cheung
  • Patent number: 9407640
    Abstract: Methods for assessing the current security state of a mobile communications device to determine access to specific tasks are presented. A security component on a server is configured to receive a request to access services from a mobile communications device for a specific task. The security component on the server is further configured to determine whether a security state for the mobile communications device is acceptable for access to the services. Based on the security state for the mobile device being determined to be acceptable for access to the services, access to the services is granted and a determination is made whether the security state is acceptable for access to the specific task requested. Based on the security state being determined to be acceptable for access to the specific task requested, access to the specific task requested is granted by the server security component.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: August 2, 2016
    Assignee: LOOKOUT, INC.
    Inventors: Kevin Patrick Mahaffey, John G. Hering, James David Burgess
  • Patent number: 9407606
    Abstract: Context-based application firewall functionality. A user session is initiated with a client device. The user session allows access to a remote resource on a server device coupled with the client device over a network. The connection between the client device and the remote resource is through an application firewall. An application firewall context setup is performed with the application firewall in response to the user session. The application firewall context comprises firewall context information to be used during the user session to perform network and application security operations with the application firewall. A response is created to provide information from the remote resource to the client device. The response includes metadata to be used to update the firewall context information. The firewall context information is updated with the application firewall based on the metadata. The response is transmitted to the client device.
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: August 2, 2016
    Assignee: salesforce.com, inc.
    Inventor: Yoel Gluck
  • Patent number: 9405900
    Abstract: The embodiments described herein include a system and a method. In one embodiment, a system includes a device monitoring component configured to measure control system behavior and an intrusion prevention system communicatively coupled to the device monitoring component and a communications network. The intrusion prevention system includes a control system analysis component configured to analyze the control system behavior measured by the device monitoring component against a first rule set to determine whether an anomaly, an intrusion, or both are present.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: August 2, 2016
    Assignee: General Electric Company
    Inventors: Paritosh Dixit, Daniel Thanos
  • Patent number: 9398049
    Abstract: Cryptographic methods are used at the application level, unlike known methods using point-to-point connections that can only be sufficiently secured at the transport level. Integrity protection and confidentiality protection of data are implemented at the application level for use in network technology.
    Type: Grant
    Filed: September 2, 2010
    Date of Patent: July 19, 2016
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Steffen Fries, Maik Seewald
  • Patent number: 9398045
    Abstract: A network device records IP addresses and MAC addresses of a plurality of CPEs to form an address mapping table, sends first ARP request packets to the plurality of CPEs according to the IP addresses in the address mapping table, and receives first ARP response packets. The network device compares the MAC addresses in the first ARP response packets with the corresponding MAC addresses in the address mapping table to identify an unusual MAC address. The network device generates a plurality of IP addresses randomly, sends second ARP request packets according to the plurality of IP addresses, and receives second ARP response packets. In response to a MAC address in the second ARP response packets being the same as the unusual MAC address, the network device blocks packet transmission corresponding to the unusual MAC address.
    Type: Grant
    Filed: September 9, 2014
    Date of Patent: July 19, 2016
    Assignee: HON HAI PRECISION INDUSTRY CO., LTD.
    Inventor: Da-Jheng Lee
  • Patent number: 9386048
    Abstract: There are provided a computer-implemented connectivity manager and a method of managing connectivity between resources in a computer network using the connectivity manager.
    Type: Grant
    Filed: September 16, 2013
    Date of Patent: July 5, 2016
    Assignee: Tufin Software Technologies Ltd.
    Inventors: Reuven Harrison, Michael Hamelin
  • Patent number: 9378217
    Abstract: The invention relates to a method and a system for managing data and a corresponding computer program and a corresponding computer-readable storage medium, which can be used, in particular, to simplify the data management on a remote storage system when accessing the storage system from a terminal. For this purpose, a method for managing data is proposed, wherein the data on a remote storage device are managed from a terminal, and wherein by an application installed on the terminal, when the data stored at a storage location on the remote storage device are accessed by the terminal, at least an identifier of the data and information about the storage location of the data are stored by the application and made available to a user when storing the optionally modified data, particularly when writing back the optionally modified data on the remote storage.
    Type: Grant
    Filed: February 14, 2013
    Date of Patent: June 28, 2016
    Assignee: Cortado AG
    Inventor: Carsten Mickeleit
  • Patent number: 9379974
    Abstract: To achieve efficient data transfer between a first network and a second network, and, in particular, to reduce processing load pertaining to address conversion, a transfer control device in the first network acquires an address of a transfer target device in the second network, and assigns the acquired address to a transfer device in the first network. When data transmitted through the first network is to be transferred to the transfer target device via the transfer device, there is no need to perform address conversion as the transfer device and the transfer target device are assigned the same address.
    Type: Grant
    Filed: January 27, 2012
    Date of Patent: June 28, 2016
    Assignee: PANASONIC CORPORATION
    Inventors: Yuusaku Ohta, Shinichiro Nishioka
  • Patent number: 9374386
    Abstract: Application malware filtering for advertising networks is disclosed. For example, techniques for providing a system and process for detecting malicious ad content (e.g., or other undesirable ad content) distributed by advertising (ad) networks are disclosed. In some embodiments, application (“app”) malware filtering for advertising networks includes receiving ad content; processing the ad content; and automatically determining whether the ad content is associated with a malicious app.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: June 21, 2016
    Assignee: Appthority, Inc.
    Inventors: Kevin Watkins, Anthony John Bettini, Domingo J. Guerra, Ian Eyberg
  • Patent number: 9369481
    Abstract: An incident triage engine performs incident triage in a system by prioritizing responses to incidents within the system. One prioritization method may include receiving attributes of incidents and assets in the system, generating cumulative loss forecasts for the incidents, and prioritizing the responses to the incidents based on the cumulative loss forecasts for the incidents. Another prioritization method may include determining different arrangements of incidents within a response queue, calculating cumulative queue loss forecasts for the different arrangements of incidents within the response queue, and arranging the incidents in the response queue based on the arrangement of incidents that minimizes the total loss to the system over the resolution of all of the incidents present in the response queue.
    Type: Grant
    Filed: April 8, 2014
    Date of Patent: June 14, 2016
    Assignee: Accenture Global Services Limited
    Inventors: Joshua Z. Howes, Walid Negm, James J. Solderitsch, Ashish Jotwani, Matthew Carver
  • Patent number: 9367699
    Abstract: Embodiments of the present invention provide for a method, system, and apparatus for creating a publishable computer file. The method includes selecting a first computer file encapsulating a source security policy for a computing device and creating a second computer file using the source security policy of the first computer file to create a local security policy and to encapsulate the created local security policy and also an operating system security policy. The method further includes calculating a hash value for the second computer file and storing the hash value in a header for the second computer file. The method yet further includes encrypting the second computer file, wherein the encrypted second computer file once loaded into memory of the computing device is processed by the computing device.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: June 14, 2016
    Assignee: SteelCloud, LLC
    Inventors: Brian H. Hajost, Fredi Jaramillo
  • Patent number: 9355254
    Abstract: A device and method are provided for a device that communicates security information to a user entering content into the device. In an aspect, the device may access content from a server over a connection through the network. The device displays the content on a user interface of the device. The device detects information entered into a field of the displayed content and evaluates a security state of the device. If the security state is below a security threshold and the entered information is identified as protected information based on stored criteria, the device displays a visual indication on the user interface.
    Type: Grant
    Filed: February 4, 2013
    Date of Patent: May 31, 2016
    Assignee: Blackberry Limited
    Inventors: Scott Alexander Vanstone, Neil Patrick Adams
  • Patent number: 9350704
    Abstract: A method may include determining one or more rules and communicating the one or more rules to a firewall, where the firewall receives a data unit and determines, based on the one or more rules, whether to forward the data unit to a destination address; receiving a redirection of a device from the firewall when the firewall determines not to forward the data unit to the destination address; receiving an indication that the firewall did not forward the data unit to the destination address; and determining a new rule to allow the firewall to forward the data unit to the destination address and communicating the new rule to the firewall; and redirecting the device to the destination address.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: May 24, 2016
    Assignee: Juniper Networks, Inc.
    Inventor: Roger A. Chickering
  • Patent number: 9350699
    Abstract: A system and method for traversing a firewall for a voice-over-IP session or other communication session uses four main components: a relay agent, a NAT agent, a SIP proxy and an application server. The SIP proxy is located in the public network and SIP signaling messages are routed through the SIP proxy. The server opens ports in the firewall for signaling between the SIP proxy and the relay agent behind the firewall. The application server also opens ports in the firewall for media traffic. The NAT agent disposed in the path from the firewall to the Internet filters media packets and changes the public source address of the media packets to a predetermined address associated with the open media port.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: May 24, 2016
    Assignee: XMedius Solutions Inc.
    Inventors: Sébastien Boire-Lavigne, Richard Collette, Sébastien Lalonde, Éric Malenfant
  • Patent number: 9350762
    Abstract: A method, apparatus and system related to an intelligent feedback loop to iteratively reduce target packet analysis is disclosed. According to one embodiment, a method of a network traffic monitoring system includes processing a flow data received through an aggregation switch of a network traffic monitoring system in a first stage module of the network traffic monitoring system, filtering the flow data to a target data based on a packet classification in the first stage module, determining that a portion of a target data is an extraneous data based on a content filtering algorithm applied in a data processing system of the network traffic monitoring system, and iteratively removing from the target data the extraneous data based on a feedback loop created between the data processing system and the first stage module of the network traffic monitoring system.
    Type: Grant
    Filed: September 25, 2012
    Date of Patent: May 24, 2016
    Assignee: SS8 NETWORKS, INC.
    Inventor: Ashok Babu Doddapaneni
  • Patent number: 9332015
    Abstract: An example method is provided and may include receiving a DIAMETER-based error over an SWm interface by a first evolved packet data gateway (ePDG) for a user equipment (UE) attempting to connect to the first ePDG; determining an Internet Key Exchange version two (IKEv2) error type corresponding to the DIAMETER-based error; and communicating the IKEv2 error type to the UE over an SWu interface. In some cases, the IKEv2 error type can be included in a notify payload or in a vendor ID payload for an IKE authentication response (IKE_AUTH_RESP) message. By distinguishing the IKEv2 error type, the UE can determine whether the error is a temporary or a permanent type and can determine whether to attempt to connect again to the first ePDG after a period of time or attempt to connect to another ePDG, which can help to reduce unnecessary signaling and provide better connectivity and user experience.
    Type: Grant
    Filed: October 30, 2014
    Date of Patent: May 3, 2016
    Assignee: CISCO TECHNOLOGY, INC.
    Inventor: Abhishek Dhammawat
  • Patent number: 9325679
    Abstract: A network of devices permits data to be stored on the devices and subsequently searched and accessed from any other one of the devices. A plurality of channels are defined to distribute a plurality of access points throughout the network. A mechanism securely assigns authorizations to users to read or write from or to specified ones of the channels, which authorizations are capable of being checked by each of the access points. To write into a channel, a request is made to one of the access points which checks if the requesting user is authorized to write onto the requested channel. If appropriate, the data is associated with the requested channel. To search for data from a particular channel or group of channels, a search request is made to one of the access points which first checks the requesting user is authorized to read from the requested channel or group of channels.
    Type: Grant
    Filed: March 2, 2006
    Date of Patent: April 26, 2016
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventor: Robert A Ghanea-Hercock
  • Patent number: 9325589
    Abstract: A network traffic notification system is disclosed that monitors network traffic and provides sound alerts for varying degrees of threatening/non-threatening network traffic. Furthermore, the network traffic notification system will prioritize and analyze data, associating the network activity to various sounds which may correspond to different levels of suspicious or non-suspicious activity. Sounds for threatening activity will be very distinct in order to notify the user of possible security risks.
    Type: Grant
    Filed: October 23, 2013
    Date of Patent: April 26, 2016
    Inventor: Jeff Flynn
  • Patent number: 9319377
    Abstract: Automatically configuring split-DNS operation in a remote access point (RAP) connected to a network. During RAP initialization, the RAP establishes a secure tunnel to its controller. To use this tunnel, a client must obtain an IP address from the controller using DHCP. The RAP snoops the client DHCP request, obtaining the domain name. This returned domain name is used as a target suffix or pattern for split-DNS operation. Additionally, the RAP may query DNS servers for additional domains supported, and add these domains to targets for split-DNS operation.
    Type: Grant
    Filed: October 26, 2011
    Date of Patent: April 19, 2016
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Ramprasad Vempati, Varaprasad Amaraneni
  • Patent number: 9319382
    Abstract: Certain embodiments described herein provide a computer system, a log collection device, and methods for protecting a plurality of guarded networks from internet threats. The computer system includes at least one processor in operative communication with a plurality of log collection circuits via the internet and in operative communication with a plurality of intelligence sources via the internet. The log collection circuit includes at least one processor in operative communication with a computer system via the internet and in operative communication with at least one firewall of the guarded network.
    Type: Grant
    Filed: July 13, 2015
    Date of Patent: April 19, 2016
    Assignee: Cautela Labs, Inc.
    Inventors: Eduardo Don, Jr., Neeraj Gupta, Frank Landberg, John Sturges
  • Patent number: 9305258
    Abstract: A set of techniques is described for optimizing the categorization of data items in a computing system. The techniques include continuously metering data items by traversing each data item through a chain of rules in a sequential order until the data item matches a rule. Once the item matches the rule, it can be successfully categorized. The system can then analyze the number of matches for each rule over a period of time and optimize the sequential order of the chain of rules according to the analysis of the number of matches. For example, the system can modify the sequential order by arranging the rules according to the number of matches of each rule. Alternatively, the system may compute a velocity of matches and use it to optimize the sequential order. Alternatively, the system may use the rate of change to optimize the sequential order.
    Type: Grant
    Filed: May 16, 2012
    Date of Patent: April 5, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Marcin P. Kowalski
  • Patent number: 9298585
    Abstract: Techniques for blacklisting of fault generating software code are provided. An example method includes receiving crash reports of a plurality of browsers, a crash report including an identification of one or more executables related to a software crash of a browser, wherein software code of the executables is included in a memory space of the browser during the software crash, analyzing the crash reports of the browsers to determine a browser component affected by software code of an executable included in respective memory spaces of the browsers to cause one or more software crashes of the browsers, computing, for the executable, a fault level based on a number of crashes of the browser component that is associated with the executable and a number of crashes of the browser component independent of the executable, and including an identifier representing the executable in a list based on the determined fault level.
    Type: Grant
    Filed: January 15, 2014
    Date of Patent: March 29, 2016
    Assignee: Google Inc.
    Inventors: Chris Sharp, Robert Shield
  • Patent number: 9294552
    Abstract: The present invention is a cloud computing appliance, having a chassis, at least one server, capable of connecting to a remote interface device, at least two network switches, at least one firewall, and a power supply circuit. The present invention also includes a method for initializing the cloud computing appliance, and a method for migrating software applications to the cloud computing appliance. The cloud computing appliance includes at least one private cloud and is in electronic communication with at least one public cloud. There is an electrical connection capable of being in electronic communication with the remote interface device that allows a system administrator to interact with the at least one private cloud and the at least one public cloud.
    Type: Grant
    Filed: July 19, 2013
    Date of Patent: March 22, 2016
    Assignee: MicroTechnologies LLC
    Inventors: Anthony R. Jimenez, Robert Kirsch, Roger Channing, Alfredo Guzman
  • Patent number: 9294924
    Abstract: Communication systems, including cellular networks, and the devices that are connected to them, can have both legitimate and illegitimate uses. Such communication systems, including systems that utilize, permit, or leverage machine-type-communications, may benefit from monitoring for suspicious events. A method can include receiving a monitoring request regarding a user equipment or a category of devices. The method can also include performing a monitoring activity regarding the user equipment or the category of devices with respect to at least one suspicious event. The method can further include responding to the monitoring request indicating whether monitoring will be performed for the user equipment or the category of devices.
    Type: Grant
    Filed: April 13, 2012
    Date of Patent: March 22, 2016
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventors: Devaki Chandramouli, Rainer Liebhart
  • Patent number: 9286402
    Abstract: A system for determining whether a website is an illegitimate website, the system comprising: a requester module configured to request one or more rules from a host server for a website and to receive a response from the host server in response to a request; an analysis module configured to determine whether a response or lack of a response received by the requester module indicates that the website is an illegitimate website; and a record module configured to store an indication that the website is an illegitimate website, wherein the one or more rules provide one or more instructions to a robot computer program regarding access of the website by the robot computer program.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: March 15, 2016
    Assignee: Majestic-12 Ltd
    Inventors: Alexey Chudnovskiy, Steve Pitchford
  • Patent number: 9275243
    Abstract: System, computer program product, and method embodiments for communication between a kernel operational on a storage subsystem and a key manager (KM) through a hardware management console (HMC) to provide encryption support are provided. In one embodiment, an event request is initiated by the kernel to the KM to execute an event flow. Pursuant to a communication request by the kernel to the HMC, a socket of the HMC is opened along a communication path between the KM and the kernel according to an event flow type selected by the KM for the event flow. Data including a data payload is sent by the KM to the kernel, the data payload corresponding to the selected event flow type.
    Type: Grant
    Filed: February 12, 2014
    Date of Patent: March 1, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kurt A. Lovrien, Richard K. Martinez, Oladimeji O. Omoniyi, Matthew J. Ward
  • Patent number: 9270704
    Abstract: Implementations of the present disclosure involve a system and/or method for modeling a firewall function and operation such that software based analysis and other formal analysis methods may be used with the model. In one embodiment, the system and/or method includes modeling the function of a firewall as a set of links, ingress/egress interfaces, interface switches and behaviors chained together into a spanning graph. The spanning graph may then be used in conjunction with data structures, such as a Firewall Policy Diagram, to illustrate pathways through a network for a communication packet. This system and/or method allows for the understanding of a firewall policy such that the policy can be replicated among various firewalls in the network at issue.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: February 23, 2016
    Assignee: FireMon, LLC
    Inventors: Patrick G. Clark, Jody Brazil
  • Patent number: 9268940
    Abstract: A computer-implemented method for assessing Internet addresses may include (1) identifying an Internet Protocol address, (2) identifying a plurality of files downloaded from the Internet Protocol address, (3) generating an aggregation of security assessments that relates to the Internet Protocol address and that may be based at least in part on a security assessment of each of the plurality of files, (4) determining a trustworthiness of the Internet Protocol address based at least in part on the aggregation of security assessments and (5) facilitating a security action based at least in part on the trustworthiness of the Internet Protocol address. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: February 23, 2016
    Assignee: Symantec Corporation
    Inventors: Jeffrey Wilhelm, Carey Nachenberg
  • Patent number: 9270743
    Abstract: The invention provides in some aspects a distributed rules processing system that includes a first and second digital data processors that are coupled to one another by one or more networks. A rules base and a transactional data base are each coupled to one of the digital data processors; both may be coupled to the same digital data processor or otherwise. One or more coordination modules (e.g., “proxies”), each of which is associated with a respective one of the digital data processors, makes available to a selected one of those digital data processors from the other of those digital data processors (i) one or more selected rules from the rules base, and/or (ii) one or more data from the transactional database on which those rules are to be executed.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: February 23, 2016
    Assignee: Pegasystems Inc.
    Inventor: Benjamin A. Frenkel
  • Patent number: 9268956
    Abstract: A computer-implemented subject monitoring method is provided. The method includes providing an online-monitoring agent configured for monitoring a personal computing device, receiving identifying information associated with at least one of an account, email address, site, and service from the personal computing device via the online-monitoring agent, and monitoring via a network the at least one of the account, email address, site, and service based on the identifying information received via the online-monitoring agent.
    Type: Grant
    Filed: September 30, 2011
    Date of Patent: February 23, 2016
    Assignee: Location Labs, Inc.
    Inventors: Joseph Anakata, Daniel Hodges
  • Patent number: 9264506
    Abstract: Systems, methods, and products for pull data transfer in a request-response model are provided herein. One aspect provides for generating output data utilizing at least one data generation station; and communicating via the at least one data generation station output data related to at least one data request received from at least one data requesting station responsive to at least one criterion, the at least one criterion comprising one of expiration of a time period or generation of a threshold amount of output data. Other embodiments and aspects are also described herein.
    Type: Grant
    Filed: May 11, 2012
    Date of Patent: February 16, 2016
    Assignee: International Business Machines Corporation
    Inventors: Hanhua Feng, Anton Viktorovich Riabov
  • Patent number: 9246779
    Abstract: A method and system for processing network data and displaying the results using a customizable user interface are disclosed.
    Type: Grant
    Filed: August 23, 2012
    Date of Patent: January 26, 2016
    Assignee: Endgame Systems, Inc.
    Inventors: Earle W. Ady, Justin T. Altman, Matt Culbreth, John Herren, David M. Nichols, Jason Trost
  • Patent number: 9237087
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for virtual machine name resolution. In one aspect, a method includes receiving a first outgoing packet from a source virtual machine executing on the data processing apparatus destined for a destination virtual machine, wherein the destination virtual machine belongs to a first cluster of virtual machines, and wherein the first outgoing packet identifies the destination virtual machine using a unique name for the destination virtual machine; determining an internal network address of the destination virtual machine based at least in part on the unique name for the destination virtual machine; and sending the first outgoing packet to the destination virtual machine by sending the packet to the internal network address.
    Type: Grant
    Filed: March 13, 2012
    Date of Patent: January 12, 2016
    Assignee: Google Inc.
    Inventors: Pankaj Risbood, Vivek Sahasranaman
  • Patent number: 9237027
    Abstract: Systems and methods for protecting a network including preventing data traffic from exiting the network unless a domain name request has been performed by a device attempting to transmit the data traffic. In an embodiment, a device within the protected network attempting to send data outside the protected network requests an address for a destination outside the protected network from a domain name server (DNS). In response, the DNS provides an address of the destination to the device and a gateway. In response to receiving the address, the gateway temporarily allows access to the address. In an embodiment, a DNS is coupled to a protected network and the gateway, the DNS provides an external address to a device in response to a request; and a mapping to the gateway; the gateway, coupled to a protected network and an external network, allows traffic according to the mapping.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: January 12, 2016
    Assignee: Raytheon BBN Technologies Corp.
    Inventors: Daniel Joseph Ellard, Alden Warren Jackson, Christine Elaine Jones, Josh Forrest Karlin, Victoria Ursula Manfredi, David Patrick Mankins, William Timothy Strayer
  • Patent number: 9231910
    Abstract: Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a request that is sent from a client to a server is captured by an intermediary security device logically interposed between the client and the server. A human user test message is sent by the intermediary security device to the client to verify that the request was initiated by a human user of the client. A response to the human user test message is received by the intermediary security device. It is determined by the intermediary security device whether the response is a correct response to the human user test message. When the determination is affirmative, the request is allowed to pass through the intermediary security device and to be delivered to the server.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: January 5, 2016
    Assignee: Fortinet, Inc.
    Inventor: Qianyong Yu
  • Patent number: 9225721
    Abstract: Aspects of the present disclosure relate to providing secure access to resources of a private network. For example, a client device may transmit a request identifying the protected resource to an authentication server. The authentication server queries a network address lookup table to identify a network address of the protected resource based on the identifying information of the request. If the network address denotes a network location that is not generally accessible, the authentication server generates a resource record that identifies a bastion host, a port, and a connection method for accessing the protected resource. The resource record and the network address may then be transmitted to the client device. In response, the client device may use the information in the resource record to establish a tunnel connection with the bastion host, and the client device uses the tunnel connection to access the protected resource via the bastion host.
    Type: Grant
    Filed: January 22, 2014
    Date of Patent: December 29, 2015
    Assignee: Google Inc.
    Inventors: Thomas Christoph Keitel, Edward Thomas Lingham Hardie
  • Patent number: 9218500
    Abstract: A method of protecting data items in an organizational computer network, including defining multiple information profiles for classifying the data item; defining rules for protecting the data item belonging to a specific information profile; classifying the data item according to the defined information profiles; applying a protection method to the data item responsive to the classification and the defined rules; automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.
    Type: Grant
    Filed: September 2, 2007
    Date of Patent: December 22, 2015
    Assignee: Secure Islands Technologies Ltd.
    Inventors: Yuval Eldar, Roee Oz
  • Patent number: 9215209
    Abstract: A method includes establishing an IP address whitelist including an acceptable IP address, establishing a resource whitelist including an acceptable resource request, establishing a resource blacklist including an indicator of a malicious resource request, and analyzing a resource request. Analyzing the resource request includes determining if a requestor IP address of the resource request is in the IP address whitelist, determining if the requested resource is in the resource whitelist, and determining if the requested resource is in the resource blacklist. A whitelist violation review is initiated, responsive to determining the requestor IP address is not in the IP address whitelist and the requested resource is not in the resource whitelist. A blacklist violation review is initiated, responsive to determining the requested resource is in the resource blacklist and the requestor IP address is not in the IP address whitelist and the requested resource is not in the resource whitelist.
    Type: Grant
    Filed: November 8, 2013
    Date of Patent: December 15, 2015
    Assignee: U.S. Bancorp, National Association
    Inventors: Mark Angel, Bradley Butts, Tim Held, David Kuhn, William Alexander Sheridan
  • Patent number: 9208123
    Abstract: Mobile device having content caching mechanisms integrated with a network operator for traffic alleviation in a wireless network and methods therefor are disclosed. One embodiment includes a method of integration of content caching with a network operator for traffic alleviation in a wireless network, which may be embodied on a mobile device, including determining whether a cache element stored in a local cache on the mobile device for an application poll on the mobile device is valid and forwarding the application poll to an external entity to service the application poll in response to determining that the cache element is no longer valid. The external entity is in part managed by the network operator of the wireless network and can be, in part or in whole, a component of an infrastructure of the network operator or external to an infrastructure of the network operator.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: December 8, 2015
    Assignee: Seven Networks, LLC
    Inventor: Michael Luna
  • Patent number: 9203815
    Abstract: A computer-implemented method for secure third-party data storage may include (1) identifying, at a server-side computing system, a data access request from a client system to access an encrypted file stored under a user account, (2) receiving a long poll request from the client system, (3) identifying an asymmetric key pair designated for the user account, the asymmetric key pair including an encryption key and a decryption key that has been encrypted with a client-side key, (4) responding to the long poll request with a message notifying the client system to transmit the client-side key, (5) receiving, from the client system, the client-side key, (6) decrypting the decryption key with the client-side key, and (7) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 27, 2013
    Date of Patent: December 1, 2015
    Assignee: Symantec Corporation
    Inventors: Walter Bogorad, Eric Douglas
  • Patent number: 9197602
    Abstract: Requests to send data from a first host within a network of hosts are monitored against a record of destination hosts that have been sent data in accordance with a predetermined policy. Destination host identities (not the record) are stored in a buffer. The buffer size is monitored to determine whether requests from the first host are pursuant to viral activity therein.
    Type: Grant
    Filed: June 9, 2003
    Date of Patent: November 24, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Matthew Murray Williamson, John Melvin Brawn
  • Patent number: 9191368
    Abstract: Embodiments of the disclosure can include systems and methods for secure remote transfers. The onsite monitoring system secure file transfer solution can allow for transferring operational data by an onsite system behind a firewall to a central monitoring and diagnostic infrastructure by sending asynchronous, concurrent, parallel files over a port using a previously opened connection. The asynchronous TLS tunneling based remote desktop protocol solution is uni-directional because the communication ports are typically open outbound only.
    Type: Grant
    Filed: November 5, 2013
    Date of Patent: November 17, 2015
    Assignee: General Electric Company
    Inventor: Youcef Atamna
  • Patent number: 9178909
    Abstract: Information associated with a port security state of a network device is received. The received information is converted into an icon that corresponds to the port security state of the network device. The icon is displayed to a user.
    Type: Grant
    Filed: October 13, 2006
    Date of Patent: November 3, 2015
    Assignee: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Allan Chan, Neeshant D. Desai, Adrian Cowham
  • Patent number: 9178937
    Abstract: Methods, apparatuses, and computer program products for selected alert delivery in a distributed processing system are provided. Embodiments include receiving a plurality of events from one or more event producing components of the distributed processing system; creating, by an incident analyzer, in dependence upon the events a truth space representing events that make one or more conditional event processing rules true, the truth space including a set of truth points, each truth point including a set of events and a set of event locations; creating, by the incident analyzer, in dependence upon the truth space one or more alerts; and sending, by the incident analyzer, the alerts to at least one component of the distributed processing system.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: November 3, 2015
    Assignee: International Business Machines Corporation
    Inventors: James E. Carey, Philip J. Sanders
  • Patent number: 9178936
    Abstract: Methods, apparatuses, and computer program products for selected alert delivery in a distributed processing system are provided. Embodiments include receiving a plurality of events from one or more event producing components of the distributed processing system; creating, by an incident analyzer, in dependence upon the events a truth space representing events that make one or more conditional event processing rules true, the truth space including a set of truth points, each truth point including a set of events and a set of event locations; creating, by the incident analyzer, in dependence upon the truth space one or more alerts; and sending, by the incident analyzer, the alerts to at least one component of the distributed processing system.
    Type: Grant
    Filed: October 18, 2011
    Date of Patent: November 3, 2015
    Assignee: International Business Machines Corporation
    Inventors: James E. Carey, Philip J. Sanders
  • Patent number: 9178884
    Abstract: In network access control networks, it may be difficult to provide certain remote accesses such as remote boot or remote storage access. An available network connection established through chipset firmware (e.g. active management technology (AMT)) may be utilized to establish a connection and to enable the remote access. Then, as soon as the completion of the activity is detected, such as remote booting, the connection may be immediately terminated to prevent access by improper agents.
    Type: Grant
    Filed: September 7, 2007
    Date of Patent: November 3, 2015
    Assignee: Intel Corporation
    Inventors: Hormuzd Khosravi, Venkat R. Gokulrangan, Tal Shustak, Avigdor Eldar
  • Patent number: 9171151
    Abstract: A policy management system is described herein which generates rules based, at least in part, on reputation information provided by at least one reputation source and client event information forwarded by filtering logic. The policy management system then deploys the rules to the filtering logic. The filtering logic, which resides in-network between clients and at least one service, uses the rules to process client event information sent by the clients to the service(s). In one illustrative environment, the service corresponds to an ad hosting service, which uses the policy management system and filtering logic to help prevent malicious client traffic from reaching the ad host service, or otherwise negatively affecting the ad hosting service.
    Type: Grant
    Filed: November 16, 2012
    Date of Patent: October 27, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Daniel P. Behrendt, Vernon R. Groves, John F. Arnold, Md Ahsan Arefin
  • Patent number: 9171167
    Abstract: Methods and systems for use in analyzing cyber-security threats for an aircraft are described herein. One example method includes generating an interconnection graph for a plurality of interconnected aircraft systems. The interconnection graph includes a plurality of nodes and a plurality of links. The method also includes defining a cost function for a cyber-security threat to traverse each link and defining a requirements function for a cyber-security threat to exploit each node. The method further includes generating a set of threat traversal graphs for each cyber-security threat of a plurality of cyber-security threats.
    Type: Grant
    Filed: June 20, 2013
    Date of Patent: October 27, 2015
    Assignee: The Boeing Company
    Inventors: Arun Ayyagari, Winfeng Li, John Eric Bush, Sudhakar S. Shetty, Brian C. Grubel, Dion S. Reid
  • Patent number: 9160768
    Abstract: Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: October 13, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Namit Sikka, Anoop Reddy, Rajiv Mirani, Abhishek Chauhan