FORTINET, INC. Patent applications
Patent application number | Title | Published |
20160142384 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second location of a first subscriber of the managed security service provider. Responsive to the request, the SMS causes a tunnel to be established between a first and second service processing switch of the service provider which are coupled in communication via a public network and associated with the first location and the second location, respectively. | 05-19-2016 |
20160134724 | VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING - Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of a network device is fetched by an interface of the network device by performing direct virtual memory addressing of a user memory space of a system memory of the network device on behalf of a network interface unit of the network device. The direct virtual memory addressing maps physical addresses of various portions of the payload data to corresponding virtual addresses. The payload data is segmented by the network interface unit across one or more packets. | 05-12-2016 |
20160132675 | SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, a kernel mode driver monitors events occurring within a file system or an operating system. Responsive to observation of a trigger event performed by or initiated by an active process, in which the active process corresponds to a first code module within the file system and the event relates to a second code module within the file system, the kernel mode driver performs or bypasses a real-time authentication process on the second code module with reference to a multi-level whitelist database architecture. The active process is allowed to load the second code module into memory when the real-time authentication process is bypassed or when it is performed and results in an affirmative determination. | 05-12-2016 |
20160127419 | COMPUTERIZED SYSTEM AND METHOD FOR ADVANCED NETWORK CONTENT PROCESSING - A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using a second interface. | 05-05-2016 |
20160112439 | HUMAN USER VERIFICATION OF HIGH-RISK NETWORK ACCESS - Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a network security appliance includes a network traffic control module, a human user test engine and a risk management module. The network traffic control module identifies a high-risk network access initiated by a device associated with a private network protected by the network security appliance. The human user test engine (i) sends a human user test message to the human user of the device to verify that the high-risk network access was initiated by or is otherwise authorized by the human user of the device; (ii) receives a response to the human user test message; and (iii) determines whether the response is a correct response to the human user test message. The risk management module allows the high-risk network access when the response is correct. | 04-21-2016 |
20160112325 | LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES - A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received are added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet is forwarded to an FSD of the cluster by: (i) extracting a configurable number of bit values from a configurable set of bit positions within the packet; (ii) determining the output of the load balancing function; (iii) identifying the port to which the FSD is coupled based on the output and the table; and (iv) transmitting the packet to the FSD via the identified port. | 04-21-2016 |
20160105396 | DATA LEAK PROTECTION IN UPPER LAYER PROTOCOLS - Methods and systems for Data Leak Prevention (DLP) in a private network are provided. A data structure is maintained within a network security appliance identifying candidate upper layer protocols, corresponding commands of interest and a corresponding suspect field within each of the commands that is to be subjected to DLP scanning as a result of its potential for carrying sensitive information. A packet is received by the network security appliance. A protocol associated with the packet is identified. It is determined whether the identified protocol is among those of the candidate protocols. Responsive to an affirmative determination and when a command represented by the packet is among those of the corresponding commands of interest for the candidate protocol, then a DLP scan is performed on the packet. Otherwise, the packet is allowed to pass through the network security appliance without being subject to a DLP scan. | 04-14-2016 |
20160105366 | SELECTING AMONG MULTIPLE CONCURRENTLY ACTIVE PATHS THROUGH A NETWORK - Methods and systems for selecting among multiple concurrently active paths through a network are provided. According to one embodiment, a method is performed by a network interface of a source network device within a loop-free, reverse-path-learning network. The network is divided into multiple virtual local area networks (VLANs). Network traffic destined for a destination network device and specifying an address for the destination or including information from which the address can be derived is received from the source. A set of VLANs that can be used to transport the traffic from the source to the destination is determined. Each VLAN in the set of VLANs is associated with a different path through the network from the source to the destination. A particular VLAN from the set of VLANs is selected, thereby effectively selecting a particular path from multiple selectable paths between the source and the destination. | 04-14-2016 |
20160099942 | DATA LEAK PROTECTION - Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a data leak protection method is provided. Information regarding a watermark filtering rule is received by a network security device. The information includes a sensitivity level and an action to be applied to files observed by the network security device that match the watermark filtering rule. A file that is attempted to be passed through the network security device is received by the network security device. A watermark embedded within the received file is detected by the network security device. A sensitivity level associated with the watermark is compared by the network security device to the sensitivity level of the watermark filtering rule. When the comparison results in a match, then the action specified by the watermark filtering rule is performed by the network security device. | 04-07-2016 |
20160098559 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a virus processing system includes a virus co-processor, a first memory, a general purpose processor (GPP) and a second memory. The first memory is communicably coupled to the co-processor via a first memory interface. The first memory includes a first signature compiled for execution on the co-processor. The GPP is communicably coupled to the co-processor. The second memory is communicably coupled to the co-processor via a second memory interface and to the GPP. The second memory includes a second signature compiled for execution on the GPP. The co-processor is operable to retrieve the first signature stored within the first memory through an instruction cache. The co-processor is operable to retrieve a data segment to be scanned from second memory through a data cache that is separate from the instruction cache. | 04-07-2016 |
20160095153 | MOBILE HOTSPOT MANAGED BY ACCESS CONTROLLER - Systems and methods are described for a mobile hotspot that can be managed by an access controller. According to an embodiment, a WAN connection is established by a mobile hotspot through a telecommunication data network via a wireless WAN module. When in a first mode, the mobile hotspot: (i) sets up a secure tunnel through the WAN connection with an access controller (AC) that manages the access points (APs) of a wireless network of an enterprise; (ii) broadcasts a service set identifier (SSID) that is also broadcast by the APs; (iii) establishes a WLAN connection with a WiFi-enabled device based on an AP profile containing (a) authentication information regarding users approved to access the wireless network and (b) information identifying the SSID; (iv) receives WLAN traffic from the WiFi-enabled device through the WLAN connection; and (v) transmits the WLAN traffic to a server of the enterprise via the secure tunnel and the AC. | 03-31-2016 |
20160094519 | DIRECT CACHE ACCESS FOR NETWORK INPUT/OUTPUT DEVICES - Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network I/O device of a network security device for each of multiple I/O device queues based on network security functionality performed by corresponding CPUs of a host processor. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the network I/O device. Information associated with the packet is queued onto an I/O device queue. The information is then transferred from the I/O device queue to a host memory of the network security device. Based on the control settings for the I/O device queue only those portions of the information corresponding to the one or more specified portions are copied to the cache of the corresponding CPU. | 03-31-2016 |
20160094515 | MOBILE HOTSPOT MANAGED BY ACCESS CONTROLLER - Systems and methods are described for a mobile hotspot that can be managed from an access controller. According to an embodiment, a mobile hotspot establishes a wide area network (WAN) connection through a wireless WAN module and establishes a wireless local area network (WLAN) connection with a wireless fidelity (WiFi)-enabled device using a first wireless access point (AP) profile, wherein the first AP profile is also used for multiple APs of an enterprise that are controlled by an access controller (AC). The mobile hotspot sets up a secure tunnel with the AC through the WAN connection. After receiving WLAN traffic from the WiFi-enabled device through the WLAN connection, the WLAN traffic is transmitted to the AC through the secure tunnel. | 03-31-2016 |
20160088475 | CACHE-BASED WIRELESS CLIENT AUTHENTICATION - Methods and systems for caching of remote server MAC authentication to enable fast roaming are provided. According to one embodiment, a wireless network controller of a wireless local area network (WLAN) receives an authentication request relating to a wireless client device from a wireless access point (AP) managed by the wireless network controller. It is determined whether a prior authentication result associated with the client is present in a cache of the controller. The client is permitted to access the WLAN via the AP when the prior authentication result is present and indicates the client was previously successfully authenticated. The authentication request is issued to a remote authentication device associated with the WLAN to determine a current authentication status of the client. Responsive to receipt of the current authentication status, information regarding the current authentication status is stored by the controller within the cache. | 03-24-2016 |
20160087954 | CACHE-BASED WIRELESS CLIENT AUTHENTICATION - Methods and systems for caching of remote server MAC authentication to enable fast roaming are provided. According to one embodiment, MAC addresses of wireless client devices contained within authentication requests associated with the wireless client devices and corresponding authentication status information provided by an authentication server associated with a wireless local area network (WLAN) responsive to the authentication requests are cached by a wireless network controller of the WLAN. A MAC-based authentication request is received by the wireless network controller from a wireless access point (AP) managed by the wireless network controller on behalf of a roaming wireless client device. It is determined whether cached authentication status information exists for the MAC address of the roaming wireless client device and if so, then the roaming wireless client device is permitted or denied access to the WLAN via the AP based on the cached authentication status information. | 03-24-2016 |
20160087938 | LOAD BALANCING IN A NETWORK WITH SESSION INFORMATION - Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, session data, including session entries representing previously established traffic sessions from a particular source to a particular destination and forming an association between the previously established session and a particular FSD, is maintained for each port of a session-aware switching device. When a TCP SYN packet is received, the switching device: (i) reduces its vulnerability to a DoS attack by foregoing installation of a forward session entry for the forward traffic session within the session data until a processed TCP SYN/ACK packet associated with the corresponding reverse traffic session is received; (ii) selects an FSD to associate with the forward traffic session and a corresponding reverse traffic session by performing a load balancing function on the TCP SYN packet; and (iii) causes the TCP SYN packet to be processed by the selected FSD. | 03-24-2016 |
20160081139 | WIRELESS RADIO ACCESS POINT CONFIGURATION - Methods and systems for configuring an access point (AP) are provided. According to one embodiment, a dual radio AP includes: two radios, a first operating at 2.4 GigaHertz (GHz) or 5 GHz and a second operating at 5 GHz; first and second directional antennas coupled to the first and second radios, respectively; first and second transmit queues buffering packets for transmission by the first and second radios, respectively; a location determination module configured to compute locations of recipient devices of the packets; a direction identification module configured to calculate angles to direct the directional antennas based on the computed locations; an interference detection module configured to determine whether interference would take place if the packets are transmitted based on the calculated angles and estimated timing of transmission; and a transmission module configured to transmit the packets without interference between the directional antennas by rescheduling packets if necessary. | 03-17-2016 |
20160081092 | WIRELESS RADIO ACCESS POINT CONFIGURATION - Methods and systems for configuring an access point (AP) are provided. According to one embodiment, a wireless network architecture includes multiple dual concurrent wireless access points, each including dual radios and dual antennas. The dual radios are configured to operate in a same frequency band and include multiple channels within the frequency band. The dual radios in each of the dual concurrent wireless access points are configured with different channels. The dual concurrent wireless access points are configured in a cell pattern, configured to use all of the channels within the frequency band. | 03-17-2016 |
20160080411 | HARDWARE-LOGIC BASED FLOW COLLECTOR FOR DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK MITIGATION - Methods and systems for an integrated solution to flow collection for determination of rate-based DoS attacks targeting ISP infrastructure are provided. According to one embodiment, a method of mitigating DDoS attacks is provided. Information regarding at least one destination within a network for which a distributed denial of service (DDoS) attack status is to be monitored is received by a DDoS attack detection module coupled with a flow controller via a bus. The DDoS attack status is determined for the at least one destination based on the information regarding the at least one destination. When a DDoS attack is detected the flow controller is notified of the DDoS attack status for the at least one destination by the DDoS attack detection module. Responsive thereto, the flow controller directs a route reflector to divert traffic destined for the at least one destination to a DDoS attack mitigation appliance within the network. | 03-17-2016 |
20160080321 | INTERFACE GROUPS FOR RULE-BASED NETWORK SECURITY - Systems and methods for designating interfaces of a network security appliance as source/destination interfaces in connection with defining a security rule are provided. According to one embodiment, a security rule configuration interface is displayed through which a network administrator can specify parameters of security rules to be applied to traffic attempting to traverse the network security appliance. Information defining a traffic flow to be controlled by a security rule is received via the security rule configuration interface. The information defining the traffic flow includes: (i) a set of source interfaces; and (ii) a set of destination interfaces, at least one of which includes multiple interfaces, such that the security rule permits the traffic flow to be defined in terms of multiple source interfaces and/or multiple destination interfaces. | 03-17-2016 |
20160065606 | CLOUD BASED LOGGING SERVICE - Methods and systems are provided for facilitating access to a cloud-based logging service. According to one embodiment, access to a cloud-based logging service is integrated within a network security appliance by automatically configuring access settings for the logging service and providing a basic level of service from the logging service by registering a user account for the security appliance with the logging service. A log is transparently created within the logging service by making use of the automatically configured access settings and treating the logging service as a logging device. A request is received by the security appliance from an administrator to access data associated with the log. Responsive thereto and without requiring separate registration of the administrator with the cloud-based logging service, the data is transparently received by the security appliance from the logging service and is presented via a graphical user interface (GUI) of the security appliance. | 03-03-2016 |
20160044114 | AUTOMATED CONFIGURATION OF ENDPOINT SECURITY MANAGEMENT - Systems and methods for managing configuration of a client security application based on a network environment in which the client device is operating are provided. According to one embodiment, a network connection state of a client device with respect to a private network is determined by a client security application running on the client device. The client security application then selects a configuration based on the determined network connection state. Finally, the client security application launches one or more functions of the client security application that are designated by the selected configuration. | 02-11-2016 |
20160036943 | DNS-ENABLED COMMUNICATION BETWEEN HETEROGENEOUS DEVICES - Methods and systems for an IPv4-IPv6 proxy mode for DNS servers are provided. According to one embodiment, a DNS query is received by a network device from a dual-stack client. A determination is made by the network device whether a first record type containing an Internet Protocol (IP) address for a server associated with the query exists within a DNS database of the network device. If the first record type exists for the server, then communication is enabled between the client and the server based on the first record type; otherwise it is automatically determined whether a second record type usable by the client exists for the server. Responsive to a determination that the second record type exists, data associated with the second record type is shared with the client by the network device to enable communication between the client and the server. | 02-04-2016 |
20160036780 | AUTOMATED CONFIGURATION OF ENDPOINT SECURITY MANAGEMENT - Systems and methods for managing configuration of a client security application based on a network environment in which the client device is operating are provided. According to one embodiment, a network connection state of a client device with respect to a private network is determined by a client security application running on the client device. The client security application then selects a configuration based on the determined network connection state. Finally, the client security application launches one or more functions of the client security application that are designated by the selected configuration. | 02-04-2016 |
20160027108 | FINANCIAL INFORMATION EXCHANGE (FIX) PROTOCOL BASED LOAD BALANCING - Methods and systems for efficiently allocating a Financial Information eXchange (FIX) protocol based trading session/transaction to a server by means of a load balancer are provided. According to one embodiment, a FIX packet of a FIX session is received at a load balancer fronting multiple servers of a high frequency trading (HFT) platform. A customer of the HFT platform is identified based on a SenderCompID field of the FIX packet. A customer weighting factor is determined based on a previously ascertained usage pattern of resources of the HFT platform by the customer. The customer is assigned to a server based on the weighting factor and a load of the selected server. A transport protocol flow associated with the FIX session is offloaded to a Network Processor (NP) Application Specific Integrated Circuit (ASIC). Therefore, subsequent FIX packets of the FIX session are processed by the NP ASIC. | 01-28-2016 |
20160021072 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second location of a first subscriber of the managed security service provider. Responsive to the request, the SMS causes a tunnel to be established between a first and second service processing switch of the service provider which are coupled in communication via a public network and associated with the first location and the second location, respectively. | 01-21-2016 |
20160020994 | SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION - Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, a router identifies active multicast IP sessions. A data structure is maintained by the router that contains information regarding the active multicast IP sessions and includes multiple pairs of a source field and a group field ({S, G} pairs), a first pointer associated with each of the {S,G} pairs and a set of slots. Each of the {S, G} pairs defines an active multicast IP session. The source field defines a source of a multicast transmission of the multicast IP session and the group field defines a group corresponding to the multicast IP session. The first pointer points to a dynamically allocated set of outbound interface (OIF) blocks. Each slot has stored therein a second pointer to a transmit control block (TCB) data structure that services users participating in the multicast IP session. | 01-21-2016 |
20150381710 | SOCKET APPLICATION PROGRAM INTERFACE (API) FOR EFFICIENT DATA TRANSACTIONS - Methods and systems for efficient data transactions between applications running on devices associated with the same host are provided. According to one embodiment, a host system includes an HTTP proxy and an SSL/TLS proxy operatively coupled with each other. The SSL/TLS proxy may be configured to perform SSL negotiation with a client and the HTTP proxy may be configured to communicate with a web server in clear text. Data can be transferred directly between the proxies through a pair of connected sockets using a handle of the other proxy's socket. The handle includes a pointer to an address within a memory of a first device upon which the other proxy is running. In this manner, data stored at the address may be processed by a proxy running on a second device without copying the data to the second device and without the overhead associated with the TCP/IP protocol stack. | 12-31-2015 |
20150372977 | FIREWALL POLICY MANAGEMENT - Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, the method includes enabling a firewall device to maintain a log of network traffic flow observed by the device. The method further includes enabling the firewall device to receive an administrator request for a customized report to be generated based on the log of network traffic and generating the report by extracting information from the log based on report parameters, where the report includes the desired network traffic items, each associated with one or more action objects. The method further provides for the firewall device to receive a directive to implement an appropriate firewall policy on one or more network traffic items responsive to interaction of the administrator with the one or more action objects corresponding to those network traffic items. Based on the directive and information from the log, the firewall then defines and/or establishes the appropriate firewall policy. | 12-24-2015 |
20150363611 | SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION - Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii) existence of data is identified within the chunk associated with one or more predefined search indices; (iii) searchable encrypted metadata is generated based on the identified data and the selected cryptographic key; (iv) an encrypted version of the chunk is generated; and (v) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk. | 12-17-2015 |
20150363608 | SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION - Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy. | 12-17-2015 |
20150358360 | POLICY-BASED SELECTION OF REMEDIATION - Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the received information, including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies by evaluating the received information with respect to the security policies, each of which defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the host asset or of manipulation of the host asset making the host asset vulnerable to attack. | 12-10-2015 |
20150358210 | IDENTIFYING NODES IN A RING NETWORK - Methods and systems for determining a token master on a ring network are provided in which possession of an arbitration token permits a blade participating in the ring network to transmit a packet. According to one embodiment, when an event at a blade represents expiration of a timeout period for receipt of the token, a new token is transmitted onto the ring network. When the event represents receipt of the token, then the priority of the originating blade is compared to that of the first blade. When the originating blade is higher priority, the token is transmitted to the next blade. When the originating blade is lower priority, the first blade is set as the originating blade and the token is transmitted to the next blade. When the priorities are equal, the blade becomes responsible for periodically transmitting a discovery marker onto the ring network to facilitate topology discovery. | 12-10-2015 |
20150351156 | TELECOMMUNICATION TERMINAL - A telecommunication terminal that is integrated with a wireless access point is provided. According to one embodiment, the telecommunication terminal comprises a phone unit, a wireless access point unit, a local area network (LAN) port that is capable of connecting to a computer network and a housing that encloses the phone unit, the wireless access point unit and the LAN port. | 12-03-2015 |
20150350162 | CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS - Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding buffer corresponding to the file is created within a shared memory of the network gateway device; (ii) data being read from or written to the file by the monitored remote file-system access protocol sessions is buffered into the shared holding buffer; and (iii) responsive to a predetermined event, content filtering is performed on the shared holding buffer to determine whether malicious, dangerous or unauthorized content is contained within the shared holding buffer. | 12-03-2015 |
20150341382 | SCALABLE INLINE BEHAVIORAL DDOS ATTACK MITIGATION - Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open Systems Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack mitigation components. The system can be scaled up by stacking multiple DDoS attack mitigation components to provide protection against large scale DDoS attacks by distributing load across these stacked components. | 11-26-2015 |
20150341313 | COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS - Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, the use of PKI-authenticated serial numbers within network devices manufactured by a particular manufacturer enables one-step provisioning of one or more managed devices. A managed device is provisioned with the serial number of a management device manufactured by the particular manufacturer. When the managed device is installed within a network, the management device is located by the managed device with the assistance of a locator server and the managed device initiates establishment of an encrypted management tunnel with the management device. Prior to allowing the management device to use the management tunnel to perform management functionality in relation to the managed device, credentials of the management device are verified by the managed device by comparing the PKI-authenticated unique identifier of the management device to that which is stored within the managed device. | 11-26-2015 |
20150341311 | AUTOMATED CONFIGURATION OF ENDPOINT SECURITY MANAGEMENT - Systems and methods for managing configuration of a client security application based on a network environment in which the client device is operating are provided. According to one embodiment, a network connection state of a client device with respect to a private network is determined by a client security application running on the client device. The client security application then selects a configuration based on the determined network connection state. Finally, the client security application launches one or more functions of the client security application that are designated by the selected configuration. | 11-26-2015 |
20150334088 | ACCELERATING DATA COMMUNICATION USING TUNNELS - Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. The packets are passed to a WAN socket operating at the transport layer. Based on the application protocol, the packets are passed to an application handler of multiple application handlers operating at the application layer each of which implements one or more application acceleration techniques for a particular application layer protocol known to behave poorly within a WAN environment. The existing connection-oriented flow is securely accelerated by performing one or more application acceleration techniques and applying one or more security functions. | 11-19-2015 |
20150332046 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned to a first instruction pipe of multiple instruction pipes of the virus co-processor for execution. An instruction of the assigned instructions containing op-codes of the first instruction type is executed by the first instruction pipe including accessing a portion of the content object from the system memory. | 11-19-2015 |
20150331815 | NETWORK INTERFACE CARD RATE LIMITING - Systems and methods for limiting the rate of packet transmission from a NIC to a host CPU are provided. According to one embodiment, data packets are received from a network by the NIC. The NIC is coupled to a host central processing unit (CPU) of a network appliance through a bus system. A status of the host CPU is monitored by the NIC. A rate limiting mode indicator is set by the NIC based on the status. When the rate limiting mode indicator indicates rate limiting is inactive, then the received data packets are transmitted from the NIC to the host CPU for processing. When the rate limiting mode indicator indicates rate limiting is active, then rate limiting is performed by temporarily stopping or slowing transmission of the received data packets from the NIC to the host CPU for processing. | 11-19-2015 |
20150326534 | CONTEXT-AWARE PATTERN MATCHING ACCELERATOR - Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received by a first stage of a CPMP hardware accelerator of a network device. A pre-matching process is performed by the first stage to identify a candidate packet that matches a string or overflow pattern associated with IPS or ADC rules. A candidate rule is identified based on a correlation of results of the pre-matching process. The candidate packet is tokenized to produce matching tokens and corresponding locations. A full-match process is performed on the candidate packet by a second stage of the CPMP hardware accelerator to determine whether it satisfies the candidate rule by performing one or more of (i) context-aware pattern matching, (ii) context-aware string matching and (iii) regular expression matching based on contextual information, the matching tokens and the corresponding locations. | 11-12-2015 |
20150326533 | LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES - A method for balancing load among firewall security devices in a network is disclosed. According to one embodiment, a switch causes firewall security devices (FSDs) of a cluster to enter into a load balancing mode. Responsive to receiving a heartbeat signal from an FSD, information regarding the FSD and the port on which the heartbeat signal was received are added to a table maintained by the switch that maps outputs of a load balancing function to ports of the switch. A received packet is forwarded to an FSD of the cluster by: (i) extracting a configurable number of bit values from a configurable set of bit positions within the packet; (ii) determining the output of the load balancing function; (iii) identifying the port to which the FSD is coupled based on the output and the table; and (iv) transmitting the packet to the FSD via the identified port. | 11-12-2015 |
20150319138 | FILTERING HIDDEN DATA EMBEDDED IN MEDIA FILES - Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file based on a predefined security policy. | 11-05-2015 |
20150312250 | SOFT TOKEN SYSTEM - Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a unique device ID of a mobile device is obtained by a soft token application via an API of an operating system of the mobile device. A seed for generating an OTP for accessing a secure network resource is requested from a provisioning server by the application via an IP-based network. The seed is received by the mobile device via a first out-of-band channel in encrypted form based on a secret key, the unique device ID and a hardcoded pre-shared key. The received encrypted seed is decrypted and installed within the application. The OTP is generated by the application based on the seed. The OTP is bound to the mobile device by the application by encrypting the seed with the unique device ID and the hardcoded pre-shared key. | 10-29-2015 |
20150312220 | POLICY-BASED CONTENT FILTERING - Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a network connection is received at a networking subsystem of a firewall. The connection is characterized by a source IP address, a destination IP address and a network service protocol. The network service protocol of the network connection is determined. A matching firewall policy is identified for the connection. When the connection is allowed, it is redirected to a proxy module that is configured to support the network service protocol. A content processing configuration scheme identified by the matching firewall policy is retrieved that includes multiple content processing configuration settings, specifying whether a particular type of content filtering is to be performed, for each of multiple network service protocols. Application-level content of a packet stream associated with the network connection is reconstructed and filtered based on the applicable content processing configuration settings. | 10-29-2015 |
20150312214 | SECURING EMAIL COMMUNICATIONS - Methods and systems are provided for securing email communications. According to one embodiment, a network device receives an outbound email originated by a computing device of an internal network and directed to a target recipient. It is determined whether a domain name of the target recipient is present in a global doppelganger database. When the domain name is determined to be present in the global doppelganger database, transmission of the outbound email to the target recipient is prevented if the domain name is an unacceptable domain name and transmission of the outbound email to the target recipient is permitted if the domain name is an acceptable domain name. | 10-29-2015 |
20150295937 | DETECTION OF UNDESIRED COMPUTER FILES USING DIGITAL CERTIFICATES - Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of information from the certificate chain. The file is evaluated by comparing the signature with a set of signatures having a known desirable or undesirable status. The file is classified based on a result of the evaluating into a category of multiple categories, including one indicative of an associated file being an undesired file or a file suspected of being undesired. The file is handled in accordance with a policy associated with the category. | 10-15-2015 |
20150281963 | REMOTE WIRELESS ADAPTER - Systems and methods are described for connecting a private network to the Internet through a remote wireless adapter. According to one embodiment, a remote wireless adapter sets up a tunnel with a network security device through a local area network (LAN) adapter of the remote wireless adapter and sets up a wide area network (WAN) connection through a wireless modem which is connected to the wireless adapter. The remote wireless adapter receives an outgoing data packet sent by the network security device through the tunnel and writes the outgoing data packet to the WAN connection. The remote wireless adapter also receives an incoming data packet through the WAN connection and forwards the incoming data packet to the network security device through the tunnel. | 10-01-2015 |
20150281277 | NETWORK POLICY ASSIGNMENT BASED ON USER REPUTATION SCORE - A network controller device, systems, and methods thereof are described herein for enabling a mechanism of assigning network policies to one or more users based on their respective client reputation (CR) scores. CR scores indicate a measure of the level and kind of network activity that an internal resource conducts with external resources. Based on the evaluation of the CR score for a given user, the system of the present invention can be configured to implement an appropriate policy on the user that controls the manner in which the user interacts within and outside the network. The proposed system includes multiple virtual local area networks (VLANs), wherein each VLAN is configured with a defined policy such that once the CR score for a given user has been evaluated, the user can be put on an appropriate VLAN based on the evaluation and the intended policy that the system wants the user to follow. | 10-01-2015 |
20150281007 | NETWORK FLOW ANALYSIS - Systems and methods for a network flow analysis service that facilitates collection, analysis and sharing of information regarding network flows are provided. According to one embodiment, a network flow analysis service provider collects network traffic information of network flows from a plurality of different network sources, analyzes at least one attribute associated with the network flows based on the network traffic information, and distributes the at least one attribute to subscribers of the network flow analysis service. | 10-01-2015 |
20150280929 | SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION - Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, a network switch module includes a memory and multiple processors partitioned among multiple virtual routers (VRs). Each VR maintains a data structure containing therein information regarding the multicast sessions, including a first value for each of the multicast sessions, at least one chain of one or more blocks of second values and one or more transmit control blocks (TCBs). Each first value is indicative of a chain of one or more blocks of second values. Each second value corresponds to an outbound interface (OIF) participating in the multicast session and identifies a number of times packets associated with the multicast session are to be replicated. The TCBs have stored therein control information to process or route packets. Each second value is indicative of a TCB that identifies an OIF of the network device through which packets are to be transmitted. | 10-01-2015 |
20150277763 | VIRTUALIZATION IN A MULTI-HOST ENVIRONMENT - Methods and systems for implementing improved partitioning and virtualization in a multi-host environment are provided. According to one embodiment, multiple devices, including CPUs and peripherals, coupled with a system via an interconnect matrix/bus are associated with a shared memory logically partitioned into multiple domains. A first domain is associated with a first set of the devices and a second domain is associated with a second set of the devices. A single shared virtual map module (VMM) maps a memory access request to an appropriate partitioned domain of the memory to which the originating device has been assigned based on an identifier associated with the device and further based on the type of memory access. The VMM causes a memory controller to perform memory access on behalf of the device by outputting a physical address based on the identified domain and the virtual address specified by the request. | 10-01-2015 |
20150269381 | EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a processor maintains a page directory and a page table within a system memory that contain information for translating virtual addresses to physical addresses. Virus processing of a content object is offloaded to a hardware accelerator coupled to the processor by storing scanning parameters, including the content object and a type of the content object, to the memory using one or more virtual addresses and indicating to the hardware accelerator that the content object is available for processing. Responsive thereto, the hardware accelerator: (i) translates the virtual addresses to corresponding physical addresses based on the page directory and the page table; (ii) accesses the scanning parameters based on the physical addresses; (iii) scans the content object for viruses by applying multiple virus signatures; and (iv) returns a result of the scanning to the processor. | 09-24-2015 |
20150264011 | SECURITY INFORMATION AND EVENT MANAGEMENT - Systems and methods are described for conducting work flows by an SIEM device to carry out a complex task automatically. According to one embodiment, an SIEM device may create a work flow that includes multiple security tasks that are performed by one or more security devices. When a security event is captured or the work flow is scheduled to be executed, the SIEM device starts the work flow by scheduling the security tasks defined in the work flow. The SIEM device then collects results of security tasks performed by the one or more security devices. | 09-17-2015 |
20150256513 | FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS - Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall also provides application-layer protection on behalf of the internal hosts and supports Voice over IP (VoIP) services by actively processing signaling protocols associated with VoIP sessions. An external VoIP interface of the firewall receives incoming VoIP packets having associated therewith an indication regarding a VoIP port of the external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on a mapping of VoIP ports to private addresses of the internal hosts. | 09-10-2015 |
20150249686 | INITIAL DIAGNOSTICS OF A NETWORK SECURITY DEVICE VIA A HAND-HELD COMPUTING DEVICE - Process, equipment, and computer program product code for configuration of and/or performing diagnostics on a network security device using a hand-held computing device are provided. According to one embodiment, a hand-held computing device is connected to a network security device via a connecting cable that is coupled to a management interface of the hand-held computing device. A mobile application running on the hand-held computing device sends a diagnostic command via the connecting cable to the network security device to initiate performance of one or more diagnostic tests on the network security device. Results of the one or more diagnostic tests are received from the network security device via the connecting cable. The results of the one or more diagnostic tests are displayed via a display of the hand-held computing device. | 09-03-2015 |
20150249644 | CLOUD-BASED SECURITY POLICY CONFIGURATION - Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network appliance of an enterprise, physically located at a first site, are shared by the first network appliance with multiple network appliances of the enterprise by logging into a shared enterprise cloud account. The shared parameters are retrieved by a second network appliance of the enterprise, physically located at a second site, by logging into the shared enterprise cloud account. A VPN client configuration is automatically created by the second network appliance that controls a VPN connection between the first and second network appliances based on the shared parameters. The VPN connection is dynamically established based on the shared parameters when the VPN client configuration permits network traffic to be exchanged between the first and second network appliances. | 09-03-2015 |
20150249641 | HUMAN USER VERIFICATION OF HIGH-RISK NETWORK ACCESS - Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, a request that is sent from a client to a server is captured by an intermediary security device logically interposed between the client and the server. A human user test message is sent by the intermediary security device to the client to verify that the request was initiated by a human user of the client. A response to the human user test message is received by the intermediary security device. It is determined by the intermediary security device whether the response is a correct response to the human user test message. When the determination is affirmative, the request is allowed to pass through the intermediary security device and to be delivered to the server. | 09-03-2015 |
20150244691 | POLICY-BASED CONFIGURATION OF INTERNET PROTOCOL SECURITY FOR A VIRTUAL PRIVATE NETWORK - A method for performing policy-based configuration of Internet Protocol Security (IPSec) for a Virtual Private Network (VPN) is provided. According to one embodiment, a policy page through which a policy, including multiple VPN settings for establishing a VPN connection, may be viewed and configured is displayed via a user interface of a source network device. The VPN settings include a type of IPSec tunnel to be established between the source network device and a peer network device. A selection regarding the type of IPSec tunnel to be used for the VPN connection is received via the user interface. The source network device requests that the VPN connection be established between the source network device and the peer network device in accordance with the policy by sending a notification request to the peer network device. The notification request includes parameter values associated with the VPN settings. | 08-27-2015 |
20150229567 | SERVICE PROCESSING SWITCH - Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, packets are load balanced among virtual routing processing resources of an IP service generator of a virtual router (VR) based switch. A packet flow cache is maintained with packet flow entries containing information indicative of packet processing actions and/or packet field manipulations for established packet flows. A determination is made regarding whether a packet is associated with an established packet flow. If so, the packet is directed to one of multiple virtual services processing resources representing application-tailored engines configured to provide managed firewall services. If the packet is allowed, it is returned to the source virtual routing processing resource for forwarding. | 08-13-2015 |
20150207693 | INHERITANCE BASED NETWORK MANAGEMENT - Systems and methods for normalization of physical interfaces having different physical attributes are provided. According to one embodiment, information regarding multiple network devices is presented to a network manager. The network devices have substantially identical function. Two physical interfaces of two network devices that are to be normalized are identified. The physical interfaces are normalized by creating a virtual interface (VI) to which both correspond. A policy applicable to the VI is received. Configuration files, in which policies or rules contained therein are expressed in terms of the VI, are created for the network devices while they are offline. Physical interface configurations for the physical interfaces are resolved during installation of the network devices by resolving references to the VI in the configuration files into the respective physical interfaces. | 07-23-2015 |
20150195354 | REDIRECTION CONTENT REQUESTS - Methods and systems for redirecting content requests are provided. According to one embodiment, a subscription request from a publisher is received by a redirect host. The subscription request includes a content delivery policy and requests the redirect host to service requests for content published by the publisher. The content is hosted by servers of the publisher residing within a private network. A client request is received by the redirect host for content. It is determined based on the content delivery policy whether to select a publisher server to service the request. If not, then: (i) a redirection is made to a registered resource provider of a CDN configured to deliver content on behalf of the publisher; and (ii) information is logged to facilitate billing of the publisher and reimbursement of the registered resource provider; otherwise, a redirection is made to the selected server. | 07-09-2015 |
20150195098 | HARDWARE-ACCELERATED PACKET MULTICASTING - Methods and systems for hardware-accelerated packet multicasting are provided. According to one embodiment, a first packet to be multicast to a first destination and a second packet to be multicast to a second destination are received. The first and second packets are classified in accordance with different virtual routers (VRs) of multiple VRs instantiated by a virtual routing engine (VRE) of a virtual routing system by determining a first selected VR to multicast the first packet and a second selected VR to multicast the second packet. For each of the first and second packets: a routing context of the VRE is switched to a routing context associated with the selected VR; at least a portion of the packet is read from one of multiple multicast address spaces associated with the selected VR; and the packet is forwarded to the destination. | 07-09-2015 |
20150193614 | SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, a kernel mode driver monitors events occurring within a file system or an operating system. Responsive to observation of a trigger event performed by or initiated by an active process, in which the active process corresponds to a first code module within the file system and the event relates to a second code module within the file system, performing or bypassing a real-time authentication process on the second code module with reference to a whitelist containing content authenticators of approved code modules, which are known not to contain viruses or malicious code. The active process is allowed to load the second code module into memory when the real-time authentication process is bypassed or when it is performed and determines a content authenticator of the code module matches one of the content authenticators. | 07-09-2015 |
20150188930 | DETECTING MALICIOUS RESOURCES IN A NETWORK BASED UPON ACTIVE CLIENT REPUTATION MONITORING - Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method of client reputation monitoring is provided. A monitoring unit executing on a network security device operable to protect a private network observes activities relating to multiple monitored devices within the private network. For each of the observed activities, a score is assigned by the monitoring unit based upon a policy of multiple policies established within the monitoring unit. For each of the monitored devices, a current reputation score is maintained by the monitoring unit based upon the score and a historical score associated with the monitored device. A monitored device is classified by the monitoring unit as potentially being a malicious resource based upon the current reputation score for the monitored device. | 07-02-2015 |
20150188885 | EXAMINING AND CONTROLLING IPv6 EXTENSION HEADERS - Methods and systems for selectively blocking, allowing and/or reformatting IPv6 headers by traversing devices are provided. According to one embodiment, a traversing device receives an Internet Protocol (IP) version 6 (IPv6) packet or packet fragment. One or more security checks are applied to extension headers of the IPv6 packet or packet fragment. If a security check of the one or more security checks is determined to be violated, then one or more appropriate countermeasures are identified and performed. | 07-02-2015 |
20150188784 | CLOUD BASED LOGGING SERVICE - Methods and systems are provided for providing access to a cloud-based logging service to a user without requiring user registration. According to one embodiment, access to a cloud-based logging service is integrated within a network security gateway appliance by automatically configuring access settings for the logging service without registering the gateway appliance with the logging service. A traffic or event log is transparently created within the logging service by making use of the automatically configured access settings and treating the logging service as a logging device. A request is received, by the gateway appliance, from an administrator to access data associated with the log. Responsive to the request, the data from the logging service is transparently retrieved, by the gateway appliance, and presented to the administrator via a graphical user interface (GUI) of the gateway appliance. | 07-02-2015 |
20150180887 | LOGGING ATTACK CONTEXT DATA - Methods and systems for improved attack context data logging are provided. According to one embodiment, configuration information is received from an administrator of a network security device. The configuration information includes information indicative of a quantity of packets to be captured for post attack analysis. Responsive to receipt of the configuration information, a size of a circular buffer is configured based thereon. Multiple packets directed to a network protected by the network security device are received from an external network. The received packets are temporarily buffered within the circular buffer. An analysis is performed to determine whether one of the received packets is potentially associated with a threat or undesired activity (“trigger packet”). Responsive to an affirmative determination, contextual information is captured by extracting information regarding at least a portion of the configured quantity of packets from the circular buffer and storing the contextual information within a log. | 06-25-2015 |
20150180829 | HUMAN USER VERIFICATION OF HIGH-RISK NETWORK ACCESS - Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, when an intermediary security device identifies a high-risk network access that is potentially initiated by a human user or a piece of software running on the device of the human user, a human user test message is sent to the human user to verify that the high-risk network access was indeed initiated by the human user. After a response to the human user test message is received by the intermediary security device, it is determined if the response is a correct response to the human user test. The security device allows the high-risk network access if the response is correct. | 06-25-2015 |
20150163249 | POLICY-BASED SELECTION OF REMEDIATION - Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, a first computer system receives information regarding an operational state of a second computer system. It is determined whether the operational state represents a violation of a security policy that has been applied to or is active in regard to the second computer system by evaluating the received information with respect to the multiple security policies. Each security policy defines a parameter condition violation of which is potentially indicative of unauthorized activity on or manipulation of the second computer system to make it vulnerable to attack. When a result of the determination is affirmative, then a remediation is identified by the first computer system that can be applied to the second computer system to address the violation; and the remediation is deployed to the second computer system. | 06-11-2015 |
20150156234 | SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION - Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, active multicast IP sessions are identified by a network device. A data structure is maintained by the network device and contains therein information regarding the multicast sessions, including a first value for each of the multicast sessions, at least one chain of one or more blocks of second values and one or more transmit control blocks (TCBs). Each first value is indicative of a chain of one or more blocks of second values. Each second value corresponds to an outbound interface (OIF) participating in the multicast session and identifies a number of times packets associated with the multicast session are to be replicated. The TCBs have stored therein control information to process or route packets. Each second value is indicative of a TCB that identifies an OIF of the network device through which packets are to be transmitted. | 06-04-2015 |
20150154418 | SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION - Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy. | 06-04-2015 |
20150150135 | CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS - Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol response is received at a network device logically interposed between one or more clients and a server. The response represents a response to a request from one of the clients relating to a file associated with a share of the server. A determination is made whether a holding buffer corresponding to the file exists. If not, then one is created; otherwise, the existing holding buffer is used for any of the clients or processes running on the clients that access the file. Data read from or written to the file as a result of the request is buffered into the holding buffer. The existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer is determined by performing content filtering on the holding buffer. | 05-28-2015 |
20150150134 | DETECTING MALICIOUS RESOURCES IN A NETWORK BASED UPON ACTIVE CLIENT REPUTATION MONITORING - Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method is performed for client reputation monitoring. A monitoring unit within a network observes activities relating to multiple monitored devices within the network. For each observed activity, the monitoring unit assigns a score to the observed activity based upon a policy of multiple policies established within the monitoring unit. For each of the monitored devices, the monitoring unit maintains a current reputation score for the monitored device based upon the score and a historical score associated with the monitored device. The monitoring unit classifies one of the monitored devices as potentially being a malicious resource based upon its current reputation score. | 05-28-2015 |
20150146730 | HETEROGENEOUS MEDIA PACKET BRIDGING - Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network switching/routing blade server comprises network interfaces (netmods), including a first and second set operable to receive packets encapsulated within a first and second set of media transmissions, respectively, and each having a first and second framing media format, respectively. A single bridging domain is provided by a shared bridging application. A memory stores data structures for translating between the first and second framing media formats via an intermediate format. The netmods pass a received packet, through a switching fabric, to the bridging application, which determines a relay location for the packet and whether the relay location is among the other set of netmods. Responsive to an affirmative determination, the bridging application uses the translation data structures to translate the packet before relaying the packet to the relay location. | 05-28-2015 |
20150113630 | COMPUTERIZED SYSTEM AND METHOD FOR ADVANCED NETWORK CONTENT PROCESSING - A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using a second interface. | 04-23-2015 |
20150113264 | INLINE INSPECTION OF SECURITY PROTOCOLS - Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted raw packet from a first network appliance and buffers the encrypted raw packet in a buffer. An inspection module accesses the encrypted raw packet from the buffer, decrypts the encrypted raw packet to produce a plain text and scans the plain text by the inspection module. | 04-23-2015 |
20150110125 | VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING - Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of the computer system is fetched by an interface of the computer system by performing direct virtual memory addressing of a user memory space of a system memory of the computer system on behalf of a network processor of the computer system. The direct virtual memory addressing maps a physical address of the payload data to a virtual address. The payload data is segmented by the network processor across one or more packets. | 04-23-2015 |
20150106867 | SECURITY INFORMATION AND EVENT MANAGEMENT - Systems and methods for conducting correlation analysis for security events with assets attributes of a network by a SIEM device to enable more efficient reporting are provided. According to one embodiment, when a SIEM device obtains a security event, a risk level of the security event is calculated based on at least a correlation of the security event with one or more asset attributes of a network that is managed by the SIEM device. When the risk level meets a predetermined or configurable threshold, the SIEM device causes the security event to be reported to an administrator of the network. | 04-16-2015 |
20150101054 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a system includes a system memory, a general purpose processor, an instruction memory and a virus co-processor. The processor is coupled to the system memory and operable to store a data segment therein. The instruction memory includes a virus signature, having a first instruction of a first instruction type and a second instruction of a second instruction type, for detection of a computer virus. The co-processor is coupled to the instruction memory and the system memory and is operable to access the data segment. The co-processor includes first and second instruction pipes operable to execute the first and second instruction types, respectively. The first and second instruction pipes include first and second write back circuits, respectively, that are linked to ensure an ordered write back of instructions. | 04-09-2015 |
20150098335 | SELECTING AMONG MULTIPLE CONCURRENTLY ACTIVE PATHS THROUGH A NETWORK - Methods and systems for selecting among multiple concurrently active paths through a network are provided. According to one embodiment, a method is performed by a network interface of a source node within a loop-free, reverse-path-learning network. The network is divided into multiple virtual networks. A packet destined for a destination node and specifying an address for the destination or including information from which the address can be derived is received from the source. A set of virtual networks that can be used to transport the packet from the source node to the destination node is determined. Each virtual network in the set of virtual networks provides a different path through the network from the source to the destination. A particular virtual network from the set of virtual networks is selected, thereby effectively selecting a particular path from multiple selectable paths between the source and the destination. | 04-09-2015 |
20150095969 | SYSTEM AND METHOD FOR SOFTWARE DEFINED BEHAVIORAL DDOS ATTACK MITIGATION - Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the DDoS attack mitigation appliances. | 04-02-2015 |
20150095636 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second location of a first subscriber of the managed security service provider. Responsive to the request, the SMS causes a tunnel to be established between a first virtual router (VR) and a second VR running on a first and second service processing switch, respectively, of the service provider which are coupled in communication via a public network and associated with the first location and the second location, respectively. | 04-02-2015 |
20150095491 | DIRECTING CLIENTS BASED ON COMMUNICATION FORMAT - Methods and systems for redirecting client requests are provided. According to one embodiment, a system includes a processor and a memory coupled to the processor and configured to provide the processor with instructions. A request is received from a client capable of communicating via multiple supported communication formats. The request is capable of being serviced by multiple servers each of which are configured to communicate via a different communication format. A server is selected from the multiple servers based on a traffic management policy. The traffic management policy is based on (i) different communication formats available via the multiple servers and (ii) performance expected to be provided to the client as a result of using each of the different communication formats. The client is then redirected to the selected server. | 04-02-2015 |
20150089627 | SECURING EMAIL COMMUNICATIONS - Methods and systems are provided for securing email communications. According to one embodiment, a network device receives an outbound email originated by a computing device of an internal network and directed to a target recipient. It is determined whether a domain name of the target recipient is present in a global doppelganger database. When the domain name is determined to be present in the global doppelganger database, transmission of the outbound email to the target recipient is prevented if the domain name is an unacceptable domain name and transmission of the outbound email to the target recipient is permitted if the domain name is an acceptable domain name. | 03-26-2015 |
20150058917 | CLOUD-BASED SECURITY POLICY CONFIGURATION - Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, a first network appliance logs into a cloud account. One or more security parameters of the first network appliance are synchronized, by the first network appliance, with corresponding security parameters shared by a second network appliance to the cloud account. A security policy that controls a connection between the first network appliance and the second network appliance is automatically created, by the first network appliance, based at least in part on the one or more security parameters. | 02-26-2015 |
20150055481 | CONTEXT-AWARE PATTERN MATCHING ACCELERATOR - Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received and pre-matched by an acceleration device with one or more conditions to identify packets meeting the one or more conditions. The acceleration device then correlates at least one identified packet based on the one or more conditions to generate matching tokens of the packet that meet the one or more conditions and sends, to one or more processors of the acceleration device, the matching tokens along with identifiers of the one or more conditions so that the processors can process the matching tokens and the identifiers of the one or more conditions based on one or more of context aware string matching, regular expression matching, and packet field value matching to extract packets that match context of the one or more conditions. | 02-26-2015 |
20150052362 | COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS - Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, network devices, including a peer managed device, a management device and a trusted peer managed device, are deployed within a network. The network devices are pre-configured to form a web of trust by storing within each network device (i) a digital certificate signed by a manufacturer or a distributor and (ii) a unique identifier. The peer managed device establishes a management tunnel with the management device based on an address received from an external source. Prior to allowing the management device to use the management tunnel to perform management functionality, the peer managed device verifies credentials of the management device by causing its unique identifier to be confirmed with reference to a pre-configured identifier of an authorized management device stored within the peer managed device. | 02-19-2015 |
20150033336 | LOGGING ATTACK CONTEXT DATA - Methods and systems are provided for improved attack context data logging. In one embodiment, additional context is provided for an attack by logging either a predetermined or configurable number or predetermined or configurable timeframe of packets before and optionally after detection of a packet associated with an attack. This additional context facilitates understanding of the attack and can help in connection with improving the implementation of signatures that are used to detect attacks and reducing false positives. In one aspect, the system is configured to assess multiple packets across one or more sessions and temporarily store each packet in a buffer having a configurable size such that once an attack is detected, a log can be generated based at least in part on packets present in the buffer. Then, the log can be analyzed so as to understand the context of the attack. | 01-29-2015 |
20150033322 | LOGGING ATTACK CONTEXT DATA - Methods and systems for improved attack context data logging are provided. According to one embodiment, configuration information is received by a firewall device from a network administrator. The configuration information includes a number (N) of packets to capture by the firewall device responsive to an event detected by the firewall device that is potentially indicative of a threat or undesired activity. Multiple packets are received by the firewall device. The firewall device applies an attack detection algorithm, including one or more of a set of intrusion detection signatures, a set of malware detection signatures and a set of security policies, to the received packets. Responsive to the firewall device determining that a trigger packet is associated with a potential threat or potential undesired activity, the firewall device causes information regarding N packets of the received packets, inclusive of the trigger packet, to be stored in a log. | 01-29-2015 |
20150026768 | REMOTE WIRELESS ADAPTER - Systems and methods are described for connecting a private network to the Internet through a remote wireless adapter. According to one embodiment, a remote wireless adapter sets up a tunnel with a network security device through a local area network (LAN) adapter of the remote wireless adapter and sets up a wide area network (WAN) connection through a wireless modem which is connected to the wireless adapter. The remote wireless adapter receives an outgoing data packet sent by the network security device through the tunnel and writes the outgoing data packet to the WAN connection. The remote wireless adapter also receives an incoming data packet through the WAN connection and forwards the incoming data packet to the network security device through the tunnel. | 01-22-2015 |
20150026463 | SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, file system or operating system activity relating to a code module is intercepted by a kernel mode driver of a computer system. The code module is selectively authorized by the kernel mode driver by authenticating a content authenticator of the code module with reference to a multi-level whitelist. The multi-level whitelist includes (i) a global whitelist database remote from the computer system that contains content authenticators of approved code modules that are known not to contain viruses or malicious code and (ii) a local whitelist database containing content authenticators of at least a subset of the approved code modules. The activity relating to the code module is allowed when the content authenticator matches one of the content authenticators of approved code modules within the multi-level whitelist. | 01-22-2015 |
20150019859 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of a service provider. Multiple virtual routers (VRs) are provided within each of multiple service processing switches of a service provider. Each VR is supported by an object group and each object of the object group supports a network service. One or more VRs are assigned to a subscriber of multiple subscribers of the service provider. Customized network services are provided to the subscriber by the one or more VRs assigned to the subscriber. | 01-15-2015 |
20140380483 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned to a first instruction pipe of multiple instruction pipes of the virus co-processor for execution. An instruction of the assigned instructions containing op-codes of the first instruction type is executed by the first instruction pipe including accessing a portion of the content object from the system memory. | 12-25-2014 |
20140351937 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A virus signature file that includes multiple virus signatures capable of detecting and identifying a variety of known viruses is downloaded by a general purpose processor. It is determined by the general purpose processor whether a virus co-processor is coupled to the general purpose processor. When the virus co-processor is determined to be coupled to the general purpose processor, then it is further determined by the general purpose processor which virus signatures are supported by the virus co-processor (“CP-supported virus signatures”). The CP-supported virus signatures are transferred to a memory associated with the virus co-processor. The virus co-processor is directed by the general purpose processor to perform a virus scan based on the supported virus signatures. | 11-27-2014 |
20140351918 | POLICY-BASED CONTENT FILTERING - Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall maintains multiple configuration schemes, each defining a set of administrator-configurable content filtering process settings. The firewall also maintains a security policy database including multiple firewall security policies. At least one of the firewall security policies includes an associated configuration scheme and an action to take with respect to a particular network session based on a set of source Internet Protocol (IP) addresses, a set of destination IP addresses and/or a network service protocol. Policy-based content filtering of network sessions is performed by: (i) identifying a firewall security policy matching traffic associated with the network session; (ii) identifying content filtering processes to be performed on the traffic based on the configuration scheme associated with the matching firewall security policy; and (iii) applying the identified content filtering processes to the traffic. | 11-27-2014 |
20140344417 | FACILITATING CONTENT ACCESSIBILITY VIA DIFFERENT COMMUNICATION FORMATS - Methods and systems for facilitating content accessibility via different communication formats are provided. According to one embodiment, a method is provided for directing content requests to an appropriate content delivery network. A content request is received from a client. The content request relates to web page content published by a content publisher in an Internet Protocol version 4 (IPv4) format or an Internet Protocol version 6 (IPv6) format that is obtained by the content delivery network from the content publisher and is translated to the other format by the content delivery network prior to receiving any content requests for the web page content. A communication format through which the client is capable of communicating is determined. The content request is directed to a content delivery network that supports the communication format through which the client is capable of communicating. | 11-20-2014 |
20140331318 | SECURING EMAIL COMMUNICATIONS - Methods and systems are provided for securing email communications. According to one embodiment, a network device evaluates whether a domain name of a target recipient of an outbound email is present in a local white list or a local black list. If it is found in the local white list, the email is transmitted to the target recipient. If it is found in the local black list, transmission of the email to the target recipient is prevented. When the domain name is not present in the local black list and the local whitelist, a global doppelganger database is checked. If it is found in the global doppelganger database, the email is handled according to a corresponding acceptability flag; otherwise, the validity of the domain name is dynamically verified and handled according to the verification result. | 11-06-2014 |
20140331274 | SECURITY SYSTEM FOR PHYSICAL OR VIRTUAL ENVIRONMENTS - Systems and methods for performing intra-zone and inter-zone security management in a network are provided. According to one embodiment, an association is formed by a network security device between a first zone including a first set of devices and a first set of security policies defining a first type of security scanning to be performed on packets originated within the first zone and between a second zone including a second set of devices and a second set of security policies defining a second type of security scanning to be performed on packets originated within the second zone. A first zone packet is received by the network security device. It is determined whether the destination is within the first zone. If so, then the first type of security scanning is performed. A second zone packet is received by the network security device. It is determined whether the destination is within the second zone. If so, then the second type of security scanning is performed. | 11-06-2014 |
20140325636 | LOAD BALANCING IN A NETWORK WITH SESSION INFORMATION - Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, a switch maintains session data, the session entries of which represent established traffic sessions between a source and a destination and form an association between the traffic session and a particular FSD. A data packet of a traffic session from a client device directed to a target device is received at the switch. When none of the session entries are determined to correspond to the data packet, an FSD is selected to associate with the traffic session by performing a load balancing function on at least a portion of the data packet. When a matching session entry exists, an FSD identified by the matching session entry is selected to process the data packet. The data packet is then caused to be processed by the selected firewall security device. | 10-30-2014 |
20140304827 | DATA LEAK PROTECTION - Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment a data leak protection method is provided. Information regarding a watermark filtering rule is received by a network device. The information includes a sensitivity level and an action to be applied to files observed by the network device that match the watermark filtering rule. A file attempted to be passed through the network device is received by the network device. A watermark embedded within the received file is detected by the network device. A sensitivity level associated with the watermark is compared by the network device to the sensitivity level of the watermark filtering rule after the watermark is detected. If the comparison results in a match, then the action specified by the watermark filtering rule is performed by the network device. | 10-09-2014 |
20140304767 | POLICY-BASED SELECTION OF REMEDIATION - Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a computer system is periodically sampled. A determination is made regarding whether the program-code-based operational state represents a violation of a security policy by evaluating the information with respect to multiple security policies, each of which defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the computer system or manipulation of the computer system to make the computer system vulnerable to attack. When a violation exists, a remediation is identified and deployed to the computer system. The violation is based at least in part on one or more of: whether a particular process is running; the existence, version or status of a particular application; and a version, type or configuration of an operating system installed. | 10-09-2014 |
20140304386 | ROUTING CLIENT REQUESTS - Methods and systems for routing client requests are provided. According to one embodiment, a request handling server facilitates servicing of client requests for content published by a content publisher. A Domain Name System (DNS) service and a web service are provided by the request handling server. A rule for managing services provided by the request handling server to the content publisher is obtained by the request handling server. One or both of the DNS service and the web service are enabled by the request handling server for the content publisher based on the rule. | 10-09-2014 |
20140289840 | SYSTEM AND METHOD FOR INTEGRATED HEADER, STATE, RATE AND CONTENT ANOMALY PREVENTION FOR SESSION INITIATION PROTOCOL - Methods and systems for an integrated solution to the rate based denial of service attacks targeting the Session Initiation Protocol are provided. According to one embodiment, header, state, rate and content anomalies are prevented and network policy enforcement is provided for session initiation protocol (SIP). A hardware-based apparatus helps identify SIP rate-thresholds through continuous and adaptive learning. The apparatus can determine SIP header and SIP state anomalies and drop packets containing those anomalies. SIP requests and responses are inspected for known malicious contents using a Content Inspection Engine. The apparatus integrates advantageous solutions to prevent anomalous packets and enables a policy based packet filter for SIP. | 09-25-2014 |
20140283043 | SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT - A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit. | 09-18-2014 |
20140282816 | NOTIFYING USERS WITHIN A PROTECTED NETWORK REGARDING EVENTS AND INFORMATION - Systems and methods are provided for notifying users within a protected network about various events and information. According to one embodiment, a method includes receiving, by a filtering device, a request originated by an application running on a client device. The method further includes making a determination, by the filtering device, whether the request is to be blocked or allowed, based on one or more policies. If the request is to be blocked, a notification is provided to a user of the client device regarding the determination by causing the application to display a predefined message. | 09-18-2014 |
20140281506 | SOFT TOKEN SYSTEM - Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment a method is provided for soft token management. A mobile device of a user of a secure network resource receives and installs a soft token application. A unique device ID of the mobile device is programmatically obtained by the soft token application. A seed for generating a soft token for accessing the secure network resource is requested by the soft token application. Responsive to receipt of the seed by the soft token application, the soft token is generated based on the seed and the soft token is bound to the mobile device by encrypting the seed with the unique device ID and a hardcoded pre-shared key. | 09-18-2014 |
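The seed-binding step described in 20140281506 (encrypt the seed with the unique device ID and a hardcoded pre-shared key, then generate tokens from the seed), as an added example that is not Fortinet's code. The pre-shared key, the nonce layout and the HMAC-counter stream cipher are constructed for this example so that it runs on the Python standard library; token generation follows RFC 4226 HOTP, which the abstract does not specify and is used here only as a concrete OTP algorithm.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Hypothetical constant for this example: a real soft token app ships its own
# pre-shared key and obtains the device ID from the platform.
PRE_SHARED_KEY = b"example-soft-token-app-psk"
NONCE_LEN = 12
TAG_LEN = 16


def binding_key(device_id: str, psk: bytes = PRE_SHARED_KEY) -> bytes:
    """Derive the seed-wrapping key from the unique device ID and the app's PSK."""
    return hmac.new(psk, device_id.encode(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher, constructed for
    # this example; a production app would use an AEAD such as AES-GCM.
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def bind_seed(seed: bytes, device_id: str, nonce: bytes) -> bytes:
    """Encrypt the seed under the device-bound key; output is nonce || ct || tag."""
    assert len(nonce) == NONCE_LEN
    key = binding_key(device_id)
    ct = bytes(a ^ b for a, b in zip(seed, _keystream(key, nonce, len(seed))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unbind_seed(blob: bytes, device_id: str) -> Optional[bytes]:
    """Recover the seed on the device; returns None when the device ID (and so
    the key) does not match, because the integrity tag then fails to verify."""
    key = binding_key(device_id)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def generate_token(blob: bytes, device_id: str, counter: int) -> Optional[str]:
    """What the soft token app does at token time: unwrap the seed with this
    device's ID, then compute the one-time code."""
    seed = unbind_seed(blob, device_id)
    return None if seed is None else hotp(seed, counter)
```

The same wrapped seed copied to a device with a different ID yields no token at all rather than a wrong one, because the tag check fails first. Since a key compiled into the app is the same in every installed copy, the binding's strength rests on the device ID, not on the pre-shared key; where the platform offers hardware-backed key storage, wrapping the seed with a key held there is the stronger choice.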
20140280809 | REMOTE MANAGEMENT SYSTEM FOR CONFIGURING AND/OR CONTROLLING A COMPUTER NETWORK SWITCH - Methods and systems for remotely managing a switching device are provided. According to one embodiment the existence of a firewall security device within a network is automatically determined by a discovery module of a switching device. Upon determining the existence of the firewall security device, a command channel is established with the firewall security device by a communication module of the switching device. The switching device may then receive commands issued by the firewall security device through the command channel relating to configuration of one or more Virtual Local Area Networks (VLANs). | 09-18-2014 |
20140259163 | SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT - A method for processing network traffic data includes receiving a packet, and determining whether the packet or a session of the packet is associated with a flooding attack. Some embodiments are implemented on network switching devices. | 09-11-2014 |
20140259142 | SYSTEMS AND METHODS FOR DETECTING UNDESIRABLE NETWORK TRAFFIC CONTENT - A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content desired to be detected includes receiving electronic data at a receiving station, and determining whether the received electronic data is associated with a content desired to be detected, wherein the receiving station does not include content detection data for identifying the content desired to be detected. | 09-11-2014 |
20140259141 | SYSTEMS AND METHODS FOR DETECTING UNDESIRABLE NETWORK TRAFFIC CONTENT - A method of detecting a content desired to be detected includes receiving electronic data at a first host, determining a checksum value using the received electronic data, sending the checksum value to a processing station, the processing station being a second host that is different from the first host, and receiving a result from the processing station, the result indicating whether the electronic data is associated with a content desired to be detected. A method of detecting a content desired to be detected includes receiving electronic data at a receiving station, and determining whether the received electronic data is associated with a content desired to be detected, wherein the receiving station does not include content detection data for identifying the content desired to be detected. | 09-11-2014 |
20140259098 | METHOD, APPARATUS, SIGNALS AND MEDIUM FOR ENFORCING COMPLIANCE WITH A POLICY ON A CLIENT COMPUTER - A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion. | 09-11-2014 |
20140258771 | HIGH-AVAILABILITY CLUSTER ARCHITECTURE AND PROTOCOL - Methods and systems are provided for an improved cluster-based network architecture. According to one embodiment, an active connection is established between a first interface of a network device and an enabled interface of a first cluster unit of a high availability (HA) cluster. The HA cluster is configured to provide connectivity between network devices of an internal and external network. A backup connection is established between a second interface of the network device and a disabled interface of a second cluster unit. While the first cluster unit is operational and has connectivity, it receives and processes all traffic originated by the network device that is destined for the external network. Upon determining that the first cluster unit has failed or has lost connectivity, all subsequent traffic originated by the network device that is destined for the external network is directed to the second cluster unit. | 09-11-2014 |
20140258520 | SYSTEMS AND METHODS FOR CATEGORIZING NETWORK TRAFFIC CONTENT - A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data representing a probability of accuracy of a characterization of network traffic content, and associating each of the plurality of data with a technique for characterizing network traffic content. A method for categorizing network traffic content includes determining a characterization of the network traffic content, determining a weight value associated with the characterization, and categorizing network traffic content based at least in part on the characterization of the network traffic content and the weight value. | 09-11-2014 |
20140237601 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object is stored by a general purpose processor to a system memory. The memory has stored therein a page directory containing information for translating virtual addresses to physical addresses. Multiple most recently used entries of the page directory are cached, by a virus co-processor, within translation lookaside buffers (TLBs) implemented within an on-chip cache of the co-processor. Instructions are read by the co-processor, from a virus signature memory of the co-processor. The instructions contain op-codes of a first and second instruction type. Instructions of the first type are assigned to a first instruction pipe of the co-processor. An instruction assigned to the first instruction pipe is executed including accessing the content object by performing direct virtual memory addressing of the system memory and comparing the content object against a string. | 08-21-2014 |
20140223540 | FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS - Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall receives incoming VoIP packets having a user alias (e.g., an email address) and an indication regarding a VoIP port of the external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on the port indication to an appropriate media gateway within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts. | 08-07-2014 |
20140223507 | CLOUD-BASED SECURITY POLICY CONFIGURATION - Systems and methods for configuring security policies based on the cloud are provided. According to one embodiment, security parameters are shared in the cloud by security devices. A first network appliance may fetch one or more security parameters shared by a second network appliance from a cloud account. The first network appliance then automatically creates a security policy that controls a connection between the first network appliance and the second network appliance based at least in part on the one or more security parameters. | 08-07-2014 |
20140181979 | CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS - Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol request issued by a client to a server is received at a network device logically interposed between the client and the server. The request is issued to the server by the network device. A single shared holding buffer, used for both read and write accesses to the file and used by multiple processes running on the client, is implemented by the network device for the file during a remote file-system access protocol session. Data being read from or written to the file as a result of the request is buffered into the buffer. Responsive to a predetermined event in relation to the remote file-system access protocol or the buffer, the existence or non-existence of malicious, dangerous or unauthorized content is determined by performing content filtering on the buffer. | 06-26-2014 |
20140181511 | SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, file system or operating system activity relating to a code module is intercepted by a kernel mode driver of a computer system. The code module is selectively authorized by authenticating a cryptographic hash value of the code module with reference to a multi-level whitelist. The multi-level whitelist includes (i) a global whitelist database remote from the computer system that is maintained by a trusted service provider and that contains cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code and (ii) a local whitelist database containing cryptographic hash values of at least a subset of the approved code modules. The activity relating to the code module is allowed when the cryptographic hash value matches one of the cryptographic hash values of approved code modules within the multi-level whitelist. | 06-26-2014 |
20140177631 | HARDWARE-ACCELERATED PACKET MULTICASTING - Methods and systems for hardware-accelerated packet multicasting are provided. According to one embodiment, a multicast packet is received at an ingress system of a packet-forwarding engine (PFE). Multiple flow classification indices are identified for the multicast packet by the ingress system. The multiple flow classification indices are sent to an egress system of the PFE by the ingress system. A single copy of the multicast packet is buffered in a memory accessible by the egress system. Corresponding transform control instructions are identified by the egress system based on each flow classification index. The single copy of the multicast packet is read from the memory. The multicast packet is transformed to an outgoing packet for each instance of the multicast packet based on the corresponding transform control instructions. The outgoing packet is transmitted for routing to a network. | 06-26-2014 |
20140177442 | PERFORMING RATE LIMITING WITHIN A NETWORK - Methods and systems for performing rate limiting are provided. According to one embodiment, information is maintained regarding a set of virtual networks into which a network has been logically divided. Each virtual network comprises a loop-free switching path, reverse path learning network and provides a path through the network between a first and second network device thereby collectively providing multiple paths between the first and second network devices. Packets are received by the first device that are associated with a flow sent by a source network device. The packets are forwarded by the first device to the second device via a particular path of the multiple paths. A congestion metric is determined for the particular path and based thereon it is determined whether a congestion threshold has been reached. Responsive to an affirmative determination, the source device is instructed to reduce the rate at which the packets are sent. | 06-26-2014 |
20140156812 | CUSTOMIZED CONFIGURATION SETTINGS FOR A NETWORK APPLIANCE - Methods and systems for temporarily configuring a network appliance in accordance with externally provided customized configuration settings are provided. According to one embodiment, a network appliance may operate in one of multiple configuration modes, including an internal configuration mode and an external configuration mode. When operating in the internal configuration mode, the network appliance loads and runs configuration settings from a memory internal to the network appliance. When operating in the external configuration mode, the network appliance loads and runs configuration settings from an external storage device coupled to an interface of the network appliance. | 06-05-2014 |
20140143876 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A data segment is received by a general purpose processor coupled to a virus co-processor and a memory via an interconnect bus. The memory includes a first signature and a second signature. The first includes a primitive instruction and a Content Pattern Recognition (CPR) instruction stored at contiguous locations in the memory and compiled for hardware execution on the co-processor. The second is compiled for software execution. The data segment is scanned by the general purpose processor by applying the second signature against the data segment. The co-processor is directed by the general purpose processor to scan the data segment by applying the first signature against the data segment by storing the data segment to the memory and indicating a request for a scan to the co-processor. | 05-22-2014 |
20140143854 | LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES - A method for balancing load among firewall security devices in a network is disclosed. Firewall security devices are arranged in multiple clusters. A switching device is configured with the firewall security devices by communicating control messages and heartbeat signals. Information regarding the configured firewall security devices is then included in a load balancing table. A load balancing function is configured for enabling the distribution of data traffic received by the switching device. A received data packet by the switching device is forwarded to one of the firewall security devices in a cluster based on the load balancing function, the load balancing table and the address contained in the data packet. | 05-22-2014 |
20140123284 | UNPACKING JAVASCRIPT WITH AN ACTIONSCRIPT EMULATOR - Methods and systems for detecting an attempt to evaluate embedded JavaScript are provided. According to one embodiment, an ActionScript emulator receives a Flash file to be tested. The emulator implements a modified version of a class typically implemented by a Flash file container. The emulator reveals one or more tagged data blocks (tags) contained within the Flash file by decoding the Flash file. The emulator determines whether the one or more tags are capable of containing ActionScript bytecode (ABC) by evaluating the one or more tags. When an affirmative determination results with respect to a tag of the one or more tags, then the emulator interprets and executes the ABC associated with the tag. Responsive to invocation of a predetermined method of the modified version of the class by the ABC and meeting one or more predetermined conditions, the emulator reports existence of embedded JavaScript within the Flash file. | 05-01-2014 |
20140123283 | DETECTION OF HEAP SPRAYING BY FLASH WITH AN ACTIONSCRIPT EMULATOR - Methods and systems for detecting heap spraying by ActionScript bytecode (ABC) contained within a Flash file are provided. According to one embodiment, an ActionScript emulator receives a Flash file to be tested. The emulator implements a modified version of a class typically implemented by an ActionScript virtual machine. The emulator reveals one or more tagged data blocks (tags) contained within the Flash file by decoding the Flash file. The emulator determines whether the one or more tags are capable of containing ABC by evaluating the one or more tags. When an affirmative determination results with respect to a tag of the one or more tags, then the emulator interprets and executes the ABC associated with the tag. Responsive to observing one or more predetermined conditions by a detector implemented within a predetermined method of the modified class, the emulator reports existence of heap spraying functionality within the Flash file. | 05-01-2014 |
20140123282 | UNPACKING FLASH EXPLOITS WITH AN ACTIONSCRIPT EMULATOR - Methods and systems for detecting an attempt to load embedded Flash are provided. According to one embodiment, an ActionScript emulator running on a computer system receives a Flash file to be tested. The ActionScript emulator implements a modified version of a class typically implemented by an ActionScript virtual machine. The ActionScript emulator reveals one or more tagged data blocks (tags) contained within the Flash file by decoding the Flash file. The ActionScript emulator determines whether the one or more tags are capable of containing ActionScript bytecode (ABC) by evaluating the one or more tags. When an affirmative determination results with respect to a tag of the one or more tags, then the ActionScript emulator interprets and executes the ABC associated with the tag. Responsive to invocation of a predetermined method of the modified class by the ABC, the ActionScript emulator reports existence of embedded Flash within the Flash file. | 05-01-2014 |
20140123137 | DETECTION OF FLASH EXPLOITS WITH AN ACTIONSCRIPT EMULATOR - Methods and systems for detecting Flash exploits are provided. According to one embodiment, an ActionScript emulator running on a computer system receives a Flash file to be tested. Responsive to a method implemented by the ActionScript emulator observing one or more predetermined conditions associated with a known Flash exploit, the ActionScript emulator reports existence of the known Flash exploit within the Flash file. | 05-01-2014 |
20140122052 | DETECTION OF JIT SPRAYING BY FLASH WITH AN ACTIONSCRIPT EMULATOR - Methods and systems for detecting JIT spraying by ActionScript bytecode (ABC) contained within a Flash file are provided. According to one embodiment, an ActionScript emulator receives a Flash file to be tested. The emulator implements a modified version of an operator typically implemented by an ActionScript virtual machine. The emulator reveals one or more tagged data blocks (tags) contained within the Flash file by decoding the Flash file. The emulator determines whether the one or more tags are capable of containing ABC by evaluating the one or more tags. When an affirmative determination results with respect to a tag of the one or more tags, then the emulator interprets and executes the ABC associated with the tag. Responsive to observing one or more predetermined conditions by a detector implemented within the modified version of the operator, the emulator reports existence of JIT spraying functionality within the Flash file. | 05-01-2014 |
20140115323 | SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, a trusted service provider maintains a cloud-based whitelist containing cryptographic hash values including those of code modules that are approved for execution on computer systems of subscribers of the service provider. A code module information query, including a cryptographic hash value of a code module, is received from a computer system of a subscriber by the service provider. If the cryptographic hash value matches one of the cryptographic hash values contained within the cloud-based whitelist and the code module is an approved code module, then the service provider responds with an indication that the code module is authorized for execution; otherwise, it (i) responds with an indication that the code module is an unknown code module; and (ii) causes one or more behavior analysis techniques to be performed on the code module. | 04-24-2014 |
20140101720 | CONFIGURING INITIAL SETTINGS OF A NETWORK SECURITY DEVICE VIA A HAND-HELD COMPUTING DEVICE - Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are presented to a network administrator via a touch-screen display of the hand-held computing device. Revisions to or acceptance of the default initial settings are received by the mobile application. The mobile application causes the network security device to be configured with the revised or accepted default initial settings by delivering the settings to the network security device via a management interface to which the hand-held computing device is coupled via a connecting cable. | 04-10-2014 |
20140096254 | EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus co-processing is provided. A general purpose processor stores a data segment to its system memory using a virtual address. The system memory has stored therein a page directory and a page table containing information for translating virtual addresses to physical addresses within a physical address space of the system memory. A virus processing hardware accelerator translates the virtual address of the data segment to a physical address of the data segment based on the page directory and the page table. The hardware accelerator accesses the data segment based on the physical address. The hardware accelerator scans the data segment for viruses by executing multiple pattern comparisons against the data segment. The hardware accelerator returns a result of the scanning to the general purpose processor via the system memory. | 04-03-2014 |
20140090014 | POLICY-BASED CONTENT FILTERING - Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall device maintains a policy database including multiple policies. The policies include information regarding an action to take with respect to a network session based on a set of source internet protocol (IP) addresses, a set of destination IP addresses and/or a network service protocol. When the action is to allow the network session, the policy also includes information regarding a configuration scheme defining administrator-configurable content filtering processes to be performed on traffic associated with the network session. Policy-based content filtering is performed by the firewall device by (i) identifying a matching policy for the network session at issue; (ii) identifying multiple content filtering processes to be performed on the traffic based on the configuration scheme associated with the matching policy; and (iii) applying the identified content filtering processes on the traffic. | 03-27-2014 |
20140090013 | POLICY-BASED CONTENT FILTERING - Methods and systems are provided for processing application-level content of network service protocols. According to one embodiment, one or more content processing configuration schemes are defined within a firewall device. Each of the one or more content processing configuration schemes includes multiple content processing configuration settings for one or more network service protocols. The one or more content processing configuration schemes are stored by the firewall device. One or more of the stored content processing configuration schemes are associated with a firewall policy by the firewall device. | 03-27-2014 |
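The policy-then-scheme flow of 20140090014 and 20140090013 (match a session against policies keyed on source set, destination set and protocol; for an allow policy, run the content filtering processes of the scheme attached to that policy and protocol), as an added example that is not Fortinet's code. The three filtering processes, the scheme names and the sample policies are hypothetical stand-ins for real antivirus, IPS or URL filtering engines; the default-deny when no policy matches is the firewall convention assumed here, not something the abstracts state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Session:
    src: str
    dst: str
    protocol: str   # network service protocol, e.g. "http" or "smtp"
    payload: bytes  # application-level content of the session


@dataclass(frozen=True)
class Policy:
    src_nets: Tuple[str, ...]
    dst_nets: Tuple[str, ...]
    protocols: frozenset
    action: str        # "allow" or "deny"
    scheme: str = ""   # content processing configuration scheme, used when action is "allow"

    def matches(self, s: Session) -> bool:
        src, dst = ipaddress.ip_address(s.src), ipaddress.ip_address(s.dst)
        return (any(src in ipaddress.ip_network(n) for n in self.src_nets)
                and any(dst in ipaddress.ip_network(n) for n in self.dst_nets)
                and s.protocol in self.protocols)


# Content filtering processes (hypothetical). Each takes the payload and returns
# (possibly rewritten payload, verdict); verdict is None to continue or "block".
Filter = Callable[[bytes], Tuple[bytes, Optional[str]]]


def block_executables(payload: bytes) -> Tuple[bytes, Optional[str]]:
    is_pe = payload.startswith(b"MZ") or b"\r\n\r\nMZ" in payload
    return payload, ("block" if is_pe else None)


def strip_tracking_header(payload: bytes) -> Tuple[bytes, Optional[str]]:
    lines = payload.split(b"\r\n")
    kept = [ln for ln in lines if not ln.lower().startswith(b"x-track:")]
    return b"\r\n".join(kept), None


def block_confidential(payload: bytes) -> Tuple[bytes, Optional[str]]:
    return payload, ("block" if b"confidential" in payload.lower() else None)


# scheme name -> protocol -> ordered list of processes (the "configuration settings")
SCHEMES: Dict[str, Dict[str, List[Filter]]] = {
    "strict-web": {"http": [block_executables, strip_tracking_header, block_confidential]},
    "mail": {"smtp": [block_executables]},
}


def enforce(policies: List[Policy], s: Session) -> Tuple[str, bytes]:
    """First matching policy wins. For an allow policy, run the processes the
    scheme defines for this protocol, in order, stopping at the first block."""
    for p in policies:
        if not p.matches(s):
            continue
        if p.action != "allow":
            return "deny", s.payload
        payload = s.payload
        for proc in SCHEMES.get(p.scheme, {}).get(s.protocol, []):
            payload, verdict = proc(payload)
            if verdict == "block":
                return "block", payload
        return "allow", payload
    return "deny", s.payload  # no policy matched: default deny (assumed)


# Sample policy database, constructed for this example
POLICIES = [
    Policy(("10.0.0.0/8",), ("0.0.0.0/0",), frozenset({"http"}), "allow", "strict-web"),
    Policy(("10.0.0.0/8",), ("203.0.113.0/24",), frozenset({"smtp"}), "allow", "mail"),
    Policy(("0.0.0.0/0",), ("0.0.0.0/0",), frozenset({"http", "smtp", "ftp"}), "deny"),
]
```

Order inside a scheme is itself a configuration setting: a process that rewrites the payload (the header strip above) runs before one that inspects it, so the inspecting process sees what will actually be forwarded.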
20140082355 | SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, a whitelist containing cryptographic hash values of code modules that are approved for loading into memory of a computer system and execution on the computer system is maintained by a kernel mode driver of the computer system. At least a subset of the cryptographic hash values has been included within the whitelist based upon results of application of one or more behavior analysis techniques to a corresponding subset of code modules. The kernel mode driver monitors a set of events occurring within one or more of a file system accessible by the computer system and an operating system that manages resources of the computer system. The kernel mode driver causes a cryptographic hash value of a code module relating to an observed event of the set of events to be authenticated with reference to the whitelist. When the cryptographic hash value matches one of the cryptographic hash values of approved code modules within the whitelist, the code module is allowed to be loaded and executed within the computer system. | 03-20-2014 |
20140079056 | SYSTEMS AND METHODS FOR CONTENT TYPE CLASSIFICATION - Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session. | 03-20-2014 |
20140078907 | SYSTEMS AND METHODS FOR CONTENT TYPE CLASSIFICATION - Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session. | 03-20-2014 |
20140075187 | SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES - Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, responsive to a monitored file system or operating system event initiated by an active process, a real-time authentication process is performed or bypassed on a code module to which the monitored event relates with reference to a whitelist that includes cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code. The active process is allowed to load the code module when the authentication process is bypassed or when the cryptographic hash value of the code module matches one of the cryptographic hash values of approved code modules within the whitelist. | 03-13-2014 |
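The whitelist authorization flow shared by 20140181511, 20140115323, 20140082355 and 20140075187 (hash the code module, check a local whitelist, fall back to the global provider-maintained whitelist, deny unknown modules and send them to behaviour analysis, bypass the check for some trigger events), as an added example that is not Fortinet's code. The in-memory sets standing in for the local and cloud databases, the event dictionary shape and the choice of SHA-256 are assumptions of this example.

```python
import hashlib
from typing import Dict, List, Set


class CodeModuleAuthorizer:
    """Real-time authorization of code modules against a two-level whitelist.

    Lookups go to the local database first and fall back to the global
    (service-provider) database; global hits are cached locally so the next
    load of the same module is answered without a remote query. A module found
    in neither level is denied and queued for behaviour analysis, after which
    it can be promoted into both levels."""

    def __init__(self, local_whitelist: Set[str], global_whitelist: Set[str]) -> None:
        self.local: Set[str] = set(local_whitelist)
        self.global_db: Set[str] = set(global_whitelist)  # stands in for the cloud service
        self.pending_analysis: List[str] = []
        self.global_queries = 0  # round trips to the global database

    @staticmethod
    def digest(module_bytes: bytes) -> str:
        """Hash the module bytes that will actually be mapped, before the load proceeds."""
        return hashlib.sha256(module_bytes).hexdigest()

    def _query_global(self, h: str) -> bool:
        self.global_queries += 1
        return h in self.global_db

    def authorize_load(self, module_bytes: bytes, bypass: bool = False) -> str:
        """Return 'allow', 'deny' or 'bypass'.

        `bypass` models trigger events for which the real-time check is
        skipped, for example an operation that does not map code into memory."""
        if bypass:
            return "bypass"
        h = self.digest(module_bytes)
        if h in self.local:
            return "allow"
        if self._query_global(h):
            self.local.add(h)  # cache the global hit locally
            return "allow"
        if h not in self.pending_analysis:
            self.pending_analysis.append(h)
        return "deny"

    def approve_after_analysis(self, h: str) -> None:
        """Promote a module once behaviour analysis finds nothing malicious."""
        self.pending_analysis.remove(h)
        self.global_db.add(h)
        self.local.add(h)


def handle_events(auth: CodeModuleAuthorizer, events: List[Dict]) -> List[str]:
    """Drive the authorizer from constructed kernel-observed events of the form
    {'process': 'app.exe', 'op': 'map' | 'read', 'module': b'...'}. Only a 'map'
    (load into memory) triggers authentication; a plain read is bypassed."""
    return [auth.authorize_load(ev["module"], bypass=(ev["op"] != "map")) for ev in events]
```

The hash must be computed over the bytes the loader will map, not over an earlier copy of the file, otherwise a module swapped between the check and the load passes on the old hash.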
20140068749 | SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS - Systems, methods, and software are provided for processing received network traffic content in view of content detection data and configuration data, so as to block, permit, or further evaluate network traffic content when it enters a network. | 03-06-2014 |
20140059689 | SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS - Systems, methods, and software are provided for processing received network traffic in view of content detection data and configuration data that defines policies, so as to block, permit, or further evaluate network traffic content according to those policies when the traffic enters a network. | 02-27-2014 |
20140053271 | SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT - A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit. | 02-20-2014 |
20140029429 | ADAPTIVE LOAD BALANCING - Methods and systems for performing load balancing within an Ethernet network are provided. According to one embodiment, a set of paths is maintained by a first component of multiple components coupled in communication with a network. Each path is a loop-free switching path, reverse path learning network and the first component and a second component of the multiple components are connected through each path. A packet destined for the second component is received by the first component. On a packet-by-packet basis or on a per flow basis, the first component dynamically selects a particular path of the multiple paths by selecting a virtual network of the set of virtual networks for transporting the received packet that tends to balance traffic load across the set of virtual networks. The first component causes the received packet to be transported through the network to the second component via the particular path. | 01-30-2014 |
20140007246 | DATA LEAK PROTECTION | 01-02-2014 |
20130340078 | SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT - A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit. | 12-19-2013 |
20130339710 | METHOD AND SYSTEM FOR POLLING NETWORK CONTROLLERS - Methods for improving the performance of multitasking processors are provided. For example, a subset of M processors within a Symmetric Multi-Processing System (SMP) with N processors is dedicated for a specific task. The M (M>0) of the N processors are dedicated to the task, thus leaving (N-M) processors for running the normal operating system (OS). The processors dedicated to the task may have their interrupt mechanism disabled to avoid interrupt handler switching overhead. Therefore, these processors run in an independent context and can communicate and cooperate with the normal OS to achieve higher network performance. | 12-19-2013 |
20130333044 | VULNERABILITY-BASED REMEDIATION SELECTION - A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a given vulnerability identifier to determine (A) at least one of a remediation mapped thereto and (B) at least one action mapped to the given vulnerability identifier; and/or a given remediation to determine at least two vulnerabilities mapped thereto. | 12-12-2013 |
20130333019 | INTEGRATED SECURITY SWITCH - An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network. | 12-12-2013 |
20130332997 | COMPUTERIZED SYSTEM AND METHOD FOR DEPLOYMENT OF MANAGEMENT TUNNELS - Methods and systems for deploying management tunnels between managed and managing devices are provided. According to one embodiment, a managed device receives an address of a management device. The managed device has stored therein a pre-configured unique identifier of an authorized management device and a digital certificate assigned to the managed device prior to installation of the managed device within a network. A tunnel is established between the devices. The management device has stored therein a digital certificate assigned to the management device prior to installation of the management device within the network. The digital certificate of the management device is received by the managed device. Prior to allowing the management device to use the tunnel to perform management functionality in relation to the managed device, a unique identifier included within or associated with the digital certificate of the management device is confirmed with reference to the pre-configured unique identifier. | 12-12-2013 |
20130315232 | HETEROGENEOUS MEDIA PACKET BRIDGING - Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network device comprises network interfaces (netmods), including a first and second set operable to receive packets encapsulated within a first and second set of media transmissions, respectively, and each having a first and second framing media format, respectively. A single bridging domain is provided by a shared bridging application. A memory stores data structures for translating between the first and second framing media formats via an intermediate format. The netmods pass a received packet, through a switching fabric, to the bridging application, which determines a relay location for the packet and whether the relay location is among the other set of netmods. Responsive to an affirmative determination, the bridging application uses the translation data structures to translate the packet before relaying the packet to the relay location. | 11-28-2013 |
20130312097 | DETECTING MALICIOUS RESOURCES IN A NETWORK BASED UPON ACTIVE CLIENT REPUTATION MONITORING - Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method is performed for client reputation monitoring. A monitoring unit within a network observes activities relating to multiple monitored devices within the network. For each observed activity, the monitoring unit assigns a score to the observed activity based upon a policy of multiple polices established within the monitoring unit. For each of the monitored devices, the monitoring unit maintains a current reputation score for the monitored device based upon the score and a historical score associated with the monitored device. The monitoring unit classifies one of the monitored devices as potentially being a malicious resource based upon its current reputation score. | 11-21-2013 |
20130311671 | ACCELERATING DATA COMMUNICATION USING TUNNELS - Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. Packets that are classified as being associated with an existing connection-oriented flow are passed to a WAN socket operating at the transport layer. Based on the application protocol, the packets are passed to an application handler of multiple application handlers operating at the application layer each of which implements one or more application acceleration techniques for a particular application layer protocol known to behave poorly within a WAN environment. The existing connection-oriented flow is securely accelerated by performing one or more application acceleration techniques and applying one or more security functions. | 11-21-2013 |
20130308640 | MECHANISM FOR ENABLING LAYER TWO HOST ADDRESSES TO BE SHIELDED FROM THE SWITCHES IN A NETWORK - Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. A border component interposed between a network of switches and multiple local hosts receives from a first local host a first packet destined for a first destination host. The first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith. The first packet includes the first L2 address as a source L2 address for the first packet, and includes the first L3 address as a source L3 address for the first packet. The border component shields the first L2 address from the network of switches by replacing the source L2 address for the first packet with a substitute L2 address before sending the first packet to the network of switches. | 11-21-2013 |
20130308460 | SERVICE PROCESSING SWITCH - Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, packets are load balanced among virtual routing processing resources of an IP service generator of a virtual router (VR) based switch. A packet flow cache is maintained with packet flow entries containing information indicative of packet processing actions for established packet flows. Deep packet classification is performed to determine whether a packet is associated with an established packet flow. If so, the packet is directed to one of multiple virtual services processing resources representing application-tailored engines configured to provide managed firewall services. If the packet is allowed, it is returned to the source virtual routing processing resource for forwarding. | 11-21-2013 |
20130305343 | COMPUTERIZED SYSTEM AND METHOD FOR HANDLING NETWORK TRAFFIC - Methods and systems for processing network content associated with multiple virtual domains are provided. According to one embodiment, a service daemon process is instantiated within a firewall to handle content processing of network traffic of virtual domains by aggregating communication channels associated with the virtual domains and by applying an appropriate content processing policy for the corresponding virtual domain. A connection request is received by the firewall from a virtual domain. A child process is forked by the service daemon process to handle network traffic associated with the virtual domain. A communication channel is established between a kernel of the firewall and the service daemon process to transfer a portion of the network traffic between the service daemon process and the kernel. The child process is configured to perform content processing of the network traffic in accordance with a content processing policy associated with the virtual domain. | 11-14-2013 |
20130298182 | POLICY-BASED CONFIGURATION OF INTERNET PROTOCOL SECURITY FOR A VIRTUAL PRIVATE NETWORK - A method for performing policy-based configuration of Internet Protocol Security (IPSec) for a Virtual Private Network (VPN) is provided. According to one embodiment, a browser-based interface of a network device displays a policy page through which multiple settings may be configured for a VPN connection. The settings include a type of IPSec tunnel to be established between the network device and a peer. One or more parameter values corresponding to one or more of the settings are received and responsive thereto a policy file is created or modified corresponding to the VPN connection. The policy file has contained therein multiple parameter values corresponding to the settings. Establishment of the VPN connection between the network device and the peer is requested based on the parameter values contained within the policy file by sending a notification request, including the policy file, from the network device to the peer. | 11-07-2013 |
20130263271 | DETECTING NETWORK TRAFFIC CONTENT - A device for detecting network traffic content is provided. The device includes a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates. The device also includes a processor configured to receive data associated with network traffic content, execute one or more instructions based on the one or more signatures and the data, and determine whether the network traffic content matches the content desired to be detected. | 10-03-2013 |
20130263246 | SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS - A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A method of building a content detection system includes establishing a first communication link between a central station and an update station, the central station configured to transmit content detection data to the update station, and establishing a second communication link between the update station and a content detection module. | 10-03-2013 |
20130262667 | SYSTEMS AND METHODS FOR CATEGORIZING NETWORK TRAFFIC CONTENT - A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data representing a probability of accuracy of a characterization of network traffic content, and associating each of the plurality of data with a technique for characterizing network traffic content. A method for categorizing network traffic content includes determining a characterization of the network traffic content, determining a weight value associated with the characterization, and categorizing network traffic content based at least in part on the characterization of the network traffic content and the weight value. | 10-03-2013 |
20130258863 | SYSTEMS AND METHODS FOR CONTENT TYPE CLASSIFICATION - Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session. | 10-03-2013 |
20130254310 | DELEGATED NETWORK MANAGEMENT SYSTEM AND METHOD OF USING THE SAME - A method for providing a management function requested by a user that uses a managed device includes establishing a session on a managed device in response to a user logging into an account on the managed device, establishing a delegated management session on a management device, the delegated management session corresponding to the session on the managed device, receiving a management message on the management device, the management message being related to a management function requested by the user, and in response to the received management message, performing the management function using the management device. | 09-26-2013 |
20130215904 | VIRTUAL MEMORY PROTOCOL SEGMENTATION OFFLOADING - Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, a user process of a host processor requests a network driver to store payload data within a system memory. The network driver stores (i) payload buffers each containing therein at least a subset of the payload data and (ii) buffer descriptors each containing therein information indicative of a starting address of a corresponding payload buffer within a user memory space. A network processor transmits onto a network the payload data within multiple transport layer protocol packets by (i) causing a network interface to retrieve the payload data from the payload buffers by performing direct virtual memory addressing of the user memory space using the buffer descriptors and information contained within a translation data structure stored within the system memory; and (ii) segmenting the payload data across the transport layer protocol packets. | 08-22-2013 |
20130212266 | ROUTING CLIENT REQUESTS - Methods and systems for routing client requests are provided. According to one embodiment, a request handling server obtains a rule set for managing the traffic of a content publisher. A request associated with the content publisher is received at the request handling server. When the received request is a content request, directly servicing the received request or redirecting the received request by the request handling server to another server capable of handling the request based on the rule set. When the received request comprises a Domain Name System (DNS) request, responding to the DNS request, by the request handling server, with a DNS response based on the rule set. | 08-15-2013 |
20130198839 | SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT - A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit. | 08-01-2013 |
20130185762 | METHOD, APPARATUS, SIGNALS AND MEDIUM FOR ENFORCING COMPLIANCE WITH A POLICY ON A CLIENT COMPUTER - A method and system for enforcing compliance with a policy on a client computer in communication with a network is disclosed. The method involves receiving a data transmission from the client computer on the network. The data transmission includes status information associated with the client computer. The data transmission is permitted to continue when the status information meets a criterion. | 07-18-2013 |
20130170346 | MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES - Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a connection for a subscriber is created based on a service context of the subscriber. A connection request is received from a subscriber of a network service delivery environment. The subscriber is associated with a first-level profile identifier indicative of a service context for the subscriber. One or more other subscribers can be associated with the first-level profile identifier. Lower-level profile identifiers are determined using the first-level profile identifier. The lower-level profile identifiers indicate a set of services that is available to the subscriber during the connection. A connection is created for the subscriber that enables forwarding of packets based on the lower-level profile identifiers. | 07-04-2013 |
20130156033 | SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION - Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, active multicast IP sessions are identified by a router. A data structure is maintained by the router and contains therein information regarding the multicast sessions, including a first pointer for each of the multicast sessions, at least one chain of one or more blocks of second pointers and one or more transmit control blocks (TCBs). Each first pointer points to a chain of one or more blocks of second pointers. Each second pointer corresponds to an outbound interface (OIF) participating in the multicast session and identifies a number of times packets associated with the multicast session are to be replicated. The TCBs have stored therein control information to process or route packets. Each second pointer points to a TCB that identifies an OIF of the router through which packets are to be transmitted. | 06-20-2013 |
20130155862 | PERFORMING RATE LIMITING WITHIN A NETWORK - Methods and systems for performing rate limiting are provided. According to one embodiment, information is maintained regarding a set of virtual networks into which a network has been logically divided. Each virtual network comprises a loop-free switching path, reverse path learning network and provides a path through the network between a first and second component thereby collectively providing multiple paths between the first and second components. Packets are received by the first component that are associated with a flow sent by a source component. The packets are forwarded by the first component to the second component along a particular path defined by the set of virtual networks. A congestion metric is determined for the particular path and based thereon it is determined whether a congestion threshold has been reached. Responsive to an affirmative determination, the source component is instructed to limit the rate at which the packets are sent. | 06-20-2013 |
20130152203 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus processing content objects is provided. A content object is stored within a system memory by a general purpose processor using a virtual address. Most recently used entries of a page directory and a page table of the system memory are cached within a translation lookaside buffer (TLB) of a virus co-processor. Instructions are read from a virus signature memory of the co-processor. Those of a first type are assigned to a first of multiple instruction pipes of the co-processor. The first instruction pipe executes an instruction including accessing a portion of the content object by performing direct virtual memory addressing of the system memory using a physical address derived based on the virtual address and the TLB and comparing it to a string associated with the instruction. | 06-13-2013 |
20130125238 | CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS - Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a first set of Server Message Block/Common Internet File System (SMB/CIFS) protocol requests originated by a first process running on a client and relating to a file associated with a share of a server and a second set of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file are transparently proxied by a gateway device. The existence or non-existence of malicious, dangerous or unauthorized content contained within the file is determined by the gateway device by (i) buffering data being read from or written to the file as a result of the first and second set of SMB/CIFS protocol requests into a shared file buffer; and (ii) performing content filtering on the shared file buffer when a scanning condition is satisfied. | 05-16-2013 |
20130121152 | ADAPTIVE LOAD BALANCING - Methods and systems for performing load balancing within an Ethernet network are provided. According to one embodiment, a set of virtual networks, into which a network has been logically divided and which can be used by a first component, is maintained. Each of the virtual networks is a loop-free switching path, reverse path learning network and provides a path through the network between the first component and a second component. A packet destined for the second component is received by the first component. On a packet-by-packet basis or on a per flow basis, the first component dynamically selects a particular path by selecting a virtual network for transporting the received packet that tends to balance traffic load across the virtual networks. The first component causes the received packet to be transported through the network to the second component via the particular path. | 05-16-2013 |
20130104235 | DETECTION OF UNDESIRED COMPUTER FILES IN ARCHIVES - Systems and methods for content filtering are provided. According to one embodiment, a type and structure of an archive file are determined. The archive file includes identification bytes that identify the type of archive file and header information both in unencrypted and uncompressed form and a file data portion containing contents of files in encrypted form, compressed form or both. The determination is based solely on the identification bytes and/or the header information. Based thereon, descriptive information, describing characteristics of the files, is extracted from the header information for each file. The descriptive information includes a checksum of the file in uncompressed form, a size of the file in uncompressed form and/or a size of the file in compressed form. A file is identified as being potentially malicious or undesired when a comparison of the descriptive information to detection signatures of known malicious or undesired files results in a match. | 04-25-2013 |
20130083697 | MANAGING AND PROVISIONING VIRTUAL ROUTERS - Methods and systems are provided for provisioning and managing network-based virtual private networks (VPNs). According to one embodiment, routing information, including virtual private network (VPN) addresses reachable, for customer sites connected via service processing switches is learned or discovered. The routing information is disseminated among routers associated with multiple network-based customer VPNs for multiple customers. A routing configuration is generated for a network-based customer VPN based on the routing information and a global customer routing profile. Virtual routers (VRs) of the service processing switches are provisioned to support the customer VPN based on the routing configuration. A custom routing profile for the customer VPN is received that identifies one or more routing protocols to be used for one or more segments of the customer VPN. The customer VPN is automatically reconfigured by programmatically generating appropriate routing configurations for the VRs based on the routing information and the custom routing profile. | 04-04-2013 |
20130022049 | IDENTIFYING NODES IN A RING NETWORK - Methods, systems and data structures for determining a token master on a ring network are provided. According to one embodiment, determining a token master on a ring network includes receiving a packet containing a network token at a first node on the network. If the network token does not arrive within a preselected timeout period, generating an arbitration token. If the packet contains an arbitration token, determining if the arbitration token was modified by a higher priority node of the network and if not, setting the first node as a token master and converting the arbitration token to a packet transmission token. Arbitration tokens are used to identify a token master that is responsible for generating a packet transmission token onto the network, whereas the packet transmission token authorizes a transmitting node that has most recently received the packet transmission token to transmit locally generated packets onto the network. | 01-24-2013 |
20130013777 | DELEGATED NETWORK MANAGEMENT SYSTEM AND METHOD OF USING THE SAME - A method for providing a management function requested by a user that uses a managed device includes establishing a session on a managed device in response to a user logging into an account on the managed device, establishing a delegated management session on a management device, the delegated management session corresponding to the session on the managed device, receiving a management message on the management device, the management message being related to a management function requested by the user, and in response to the received management message, performing the management function using the management device. | 01-10-2013 |
20120324532 | PACKET ROUTING SYSTEM AND METHOD - Methods and systems for offering network-based managed security services are provided. According to one embodiment, an IP service processing switch includes multiple service blades and one or more packet-passing data rings. The service blades each have multiple processors for providing customized security services to subscribers of a service provider. Upon receipt of a packet by a service blade from the one or more packet-passing data rings, a PEID value within the packet is inspected and when the PEID value corresponds to a PEID assigned to a processor associated with the service blade, the packet is steered to a software entity of a VR on the processor that corresponds to an LQID value within the packet. And, when the PEID value does not correspond to any PEIDs assigned to processors on the service blade, the packet is passed to a next service blade on the one or more packet-passing data rings. | 12-20-2012 |
20120324216 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a request to establish an IP connection between two locations of a subscriber is received at a service management system (SMS) of the service provider. A tunnel is established between service processing switches coupled in communication through a public network. First and second packet routing nodes within the service processing switches are associated with the first and second locations, respectively. An encryption configuration decision is bound with a routing configuration of the packet routing nodes by, when the request is to establish a secure IP connection, configuring the packet routing nodes to cause all packets transmitted to the other location to be encrypted and to cause all packets received from the other location to be decrypted. | 12-20-2012 |
20120317646 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A general purpose processor receives and stores a data segment to a first memory at a virtual address. The first memory contains paging data structures for translating virtual addresses to physical addresses. The general purpose processor directs a virus processing hardware accelerator to scan the data segment based on virus signatures compiled for the virus processing hardware accelerator and stored in a second memory. The first memory includes a first virus signature compiled for the general purpose processor. The virus processing hardware accelerator retrieves the data segment by accessing the first memory based on the virtual address and cached information, stored within one or more translation lookaside buffers local to the virus processing hardware accelerator, relating to most recently used entries of the paging data structures. | 12-13-2012 |
20120311125 | SWITCH MANAGEMENT SYSTEM AND METHOD - Methods and systems for managing a service provider switch are provided. According to one embodiment, a method is provided for provisioning a switch with a network-based managed Internet Protocol (IP) service. A network operating system (NOS) is provided on each processor element (PE) of the switch. The NOS includes an object manager (OM) responsible for managing global software object groups, managing software object configurations, managing local software objects and groups and routing control information between address spaces based on locations of software objects. The OM performs management plane communications among software objects by way of system calls. The OM performs data plane communications among software objects by way of object-to-object channels. The switch is provisioned with a network-based managed IP service for a particular customer by pushing discrete and customized software objects representing the network-based managed IP service onto an object-to-object channel established between two of the software objects. | 12-06-2012 |
20120291117 | COMPUTERIZED SYSTEM AND METHOD FOR HANDLING NETWORK TRAFFIC - Methods and systems for processing network content associated with multiple virtual domains are provided. According to one embodiment, content processing of network traffic associated with multiple virtual domains is performed by a service daemon process initiated within a firewall. The service daemon process handles content processing of network traffic for the virtual domains by aggregating communication channels associated with the virtual domains and by applying to the network traffic an appropriate content processing policy corresponding to a virtual domain with which the network traffic is associated. | 11-15-2012 |
20120278896 | SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS - A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A method of building a content detection system includes establishing a first communication link between a central station and an update station, the central station configured to transmit content detection data to the update station, and establishing a second communication link between the update station and a content detection module. | 11-01-2012 |
20120246712 | FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS - Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall receives incoming VoIP packets having a user alias (e.g., an email address) and an indication regarding a VoIP port of the external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on the port indication to a Media Gateway Control Protocol (MGCP) media gateway within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts. | 09-27-2012 |
20120222044 | METHOD AND SYSTEM FOR POLLING NETWORK CONTROLLERS - Methods and systems for improving the performance of multitasking processors are provided. For example, a subset of M processors within a Symmetric Multi-Processing System (SMP) with N processors is dedicated to a specific task. The M (M>0) of the N processors are dedicated to a task, thus leaving (N−M) processors for running the normal operating system (OS). The processors dedicated to the task may have their interrupt mechanism disabled to avoid interrupt handler switching overhead. Therefore, these processors run in an independent context and can communicate and cooperate with the normal OS to achieve higher network performance. | 08-30-2012 |
20120192281 | DETERMINING TECHNOLOGY-APPROPRIATE REMEDIATION FOR VULNERABILITY - A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between: a RID field, the contents of which denote an identification (ID) of a remediation (RID); at least one TID field, the contents of which denote an ID of at least two technologies (TIDs), respectively; and at least one ACTID field, the contents of which denote an ID of an action (ACTID). A method, of selecting a remediation that is appropriate to a technology present on a machine to be remediated, may include: providing such a machine-actionable memory; and indexing into the memory using a given RID value and a given TID value to determine values of the at-least-one ACTID corresponding to the given RID value and appropriate to the given TID value. | 07-26-2012 |
20120191972 | SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES - Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, a kernel mode driver of a computer system intercepts file system or operating system activity, by a running process, relating to a dependent code module. Loading of the dependent code module is selectively authorized by authenticating a cryptographic hash value of the dependent code module with reference to a multi-level whitelist. The multi-level whitelist includes a global whitelist database remote from the computer system, maintained by a trusted service provider and which contains cryptographic hash values of approved code modules known not to contain viruses or malicious code; and a local whitelist database that includes cryptographic hash values of a subset of the approved code modules. The running process is allowed to load the dependent code module when the cryptographic hash value matches one of the cryptographic hash values of the approved code modules. | 07-26-2012 |
20120163186 | SYSTEMS AND METHODS FOR CONTENT TYPE CLASSIFICATION - Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session. | 06-28-2012 |
20120131215 | MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES - Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a connection for a subscriber is created based on a service context of the subscriber. A connection request is received from a subscriber of a network service delivery environment. The subscriber is associated with a first-level profile identifier indicative of a service context for the subscriber. One or more other subscribers can be associated with the first-level profile identifier. Lower-level profile identifiers are determined using the first-level profile identifier. The lower-level profile identifiers indicate a set of services that is available to the subscriber during the connection. A connection is created for the subscriber that enables forwarding of packets based on the lower-level profile identifiers. | 05-24-2012 |
20120102196 | CONTENT PATTERN RECOGNITION LANGUAGE PROCESSOR AND METHODS OF USING THE SAME - A device for detecting network traffic content is provided. The device includes a processor configured to receive a signature associated with content desired to be detected, and execute one or more functions based on the signature to determine whether network traffic content matches the content desired to be detected. The signature is defined by one or more predicates. A computer readable medium for use to detect network traffic content is also provided. The computer readable medium includes a memory storing one or more signatures, each of the one or more signatures associated with content desired to be detected. Each of the one or more signatures is defined by one or more predicates, and each of the one or more predicates can be compiled into a byte code stream that controls a logic of a network traffic screening device. | 04-26-2012 |
20120099596 | METHODS AND SYSTEMS FOR A DISTRIBUTED PROVIDER EDGE - Methods and systems for a distributed provider edge are provided. According to one embodiment, a one-to-one association is formed between a Virtual Routing and Forwarding device (VRF) of a provider edge device (PE) of a service provider and a customer site. The VRF includes a routing information base (RIB) and a forwarding information base (FIB). A network interface module is instantiated within the VRF for each network interface employed, such as an intranet, extranet, Virtual Private Network (VPN) and/or Internet interface. A first packet is received at the PE via a first network interface. A first network interface module associated with the first network interface accesses the RIB to acquire routing information for the first packet. A second packet is received via a second network interface. A second network interface module associated with the second network interface accesses the RIB to acquire routing information for the second packet. | 04-26-2012 |
20120078863 | APPLICATION CONTROL CONSTRAINT ENFORCEMENT - Systems and methods for performing application control constraint enforcement are provided. According to one embodiment, file system or operating system activity of a computer system relating to a code module is intercepted. A cryptographic hash value of the code module is checked against a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code. The local whitelist database also contains execution constraint information. When the cryptographic hash value matches one of the cryptographic hash values of approved code modules, the authority of the computer system or an end user of the computer system to execute the code module is further validated, if the execution constraint information so indicates, by performing a constraint check regarding the code module. If the authority is affirmed by the constraint check, the code module is allowed to be executed. | 03-29-2012 |
20120072568 | SWITCH MANAGEMENT SYSTEM AND METHOD - Methods and systems for managing a service provider switch are provided. According to one embodiment, a network operating system (NOS) is provided on each processor element (PE) of the switch. The NOS includes an object manager (OM) responsible for managing global software object groups, managing software object configurations, managing local software objects and groups and routing control information between address spaces based on locations of software objects. The OM performs management plane communications among software objects by way of system calls. The OM performs data plane communications among software objects by way of object-to-object channels. The switch is provisioned with a network-based managed IP service for a particular customer of the service provider by pushing the service onto an object-to-object channel that has been established between a first software object and a second software object of the software objects. | 03-22-2012 |
20120069850 | NETWORK PACKET STEERING VIA CONFIGURABLE ASSOCIATION OF PACKET PROCESSING RESOURCES AND NETWORK INTERFACES - Methods and systems are provided for steering network packets. According to one embodiment, a dynamically configurable steering table is stored within a memory of each network interface of a network routing/switching device. The steering table represents a mapping that logically assigns each of the network interfaces to one of multiple packet processing resources of the network routing/switching device. The steering table contains information indicative of a unique identifier/address of the assigned packet processing resource. Responsive to receiving a packet on a network interface, the network interface performs Layer 1 or Layer 2 steering of the received packet to the assigned packet processing resource by retrieving the information indicative of the unique identifier/address of the assigned packet processing resource from the steering table based on a channel identifier associated with the received packet. The received packet is then processed by the assigned packet processing resource. | 03-22-2012 |
20120057460 | SERVICE PROCESSING SWITCH - Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, a load associated with multiple virtual routing processing resources of an IP service generator of a virtual router (VR) based switch is monitored. Packets are load balanced among the virtual routing processing resources. A packet flow cache is maintained with packet flow entries containing information indicative of packet processing actions for established packet flows. Deep packet classification is performed to determine whether a packet is associated with an established packet flow. If so, the packet is directed to one of multiple virtual services processing resources representing application-tailored engines configured to provide network-based IP services including one or more of virtual private network (VPN) processing, firewall processing, Uniform Resource Locator (URL) filtering and anti-virus processing. If the packet is allowed, it is returned to the source virtual routing processing resource for forwarding. | 03-08-2012 |
20120023557 | METHOD, APPARATUS, SIGNALS, AND MEDIUM FOR MANAGING TRANSFER OF DATA IN A DATA NETWORK - A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion. | 01-26-2012 |
20120023228 | METHOD, APPARATUS, SIGNALS, AND MEDIUM FOR MANAGING TRANSFER OF DATA IN A DATA NETWORK - A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion. | 01-26-2012 |
20120017277 | SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS - A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A method of building a content detection system includes establishing a first communication link between a central station and an update station, the central station configured to transmit content detection data to the update station, and establishing a second communication link between the update station and a content detection module. | 01-19-2012 |
20120005741 | FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS - Methods and systems for an intelligent network protection gateway (NPG) are provided. According to one embodiment, a firewall prevents unauthorized network-layer access to internal hosts by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall facilitates concurrent management of multiple incoming VoIP calls by providing multiple VoIP ports and advertising multiple IP address/VoIP port pairs corresponding to internal hosts. When incoming VoIP packets are received, the packets are directed to an appropriate internal host by the firewall performing port forwarding based on a port indication contained within the packets to a server or gatekeeper within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts. | 01-05-2012 |
20110235649 | HETEROGENEOUS MEDIA PACKET BRIDGING - Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network-computing device comprises multiple network interfaces (netmods) and a shared processing resource. The shared processing resource executes a virtual bridging application representing a single bridging domain for all network packets received by the network-computing device. A translation data structure defines translations between a first framing media format and an intermediate format and between the intermediate format and a second framing media format. If the virtual bridging application determines a network packet is to be relayed between a netmod operable to receive network packets encapsulated within the first framing media format and a netmod operable to transmit network packets encapsulated within the second framing media format, then it uses the translation data structure to translate the network packet before relaying the network packet. | 09-29-2011 |
20110235639 | MECHANISM FOR ENABLING LAYER TWO HOST ADDRESSES TO BE SHIELDED FROM THE SWITCHES IN A NETWORK - Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. A border component interposed between a network of switches and multiple local hosts receives from a first local host a first packet destined for a first destination host. The first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith. The first packet includes the first L2 address as a source L2 address for the first packet, and includes the first L3 address as a source L3 address for the first packet. The border component shields the first L2 address from the network of switches by replacing the source L2 address for the first packet with a substitute L2 address associated with a communication channel of the border component before sending the first packet to the network of switches. | 09-29-2011 |
20110235548 | MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES - Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a policy engine of a VR defines services available to subscribers in terms of profile identifiers. A scalable subscriber profile database is established having a memory requirement dependent upon the number of available service contexts by hierarchically organizing profile identifiers as leaf profile identifiers, which explicitly define services, and intermediate profile identifiers, which indirectly represent services. The policy engine receives a first-level profile identifier and determines whether it is among those stored in the database. If not, then it obtains service profile information associated with the first-level profile identifier. If the first-level profile identifier is an intermediate profile identifier having leaf profile identifiers, then it further obtains them and associated profile information and stores this information in the database. The first-level profile identifier and the associated service profile information are also stored in the database. | 09-29-2011 |