-
Publication number: US20210243209A1
Publication date: 2021-08-05
Application number: US16778325
Filing date: 2020-01-31
Applicant: salesforce.com, inc.
Inventor: Ramesh RAMANI
IPC: H04L29/06
Abstract: Communication security is an ongoing problem. Over time, various protocols have been used and then replaced due to insufficient protection. For example, some client/server web communication used to rely on Secure Socket Layers (SSL) to protect communication, but was replaced with a more secure Transport Layer Security (TLS) protocol. TLS itself has undergone several revisions, and TLS 1.0 is now considered not secure. TLS and other protocols provide backwards compatibility, so while a higher security level is desired, communication may fall back to an undesirable level, e.g., TLS 1.0, if required by either communication endpoint. An intermediary to communication with an organization may capture data to facilitate analyzing it to determine what caused a fallback, and to decide if and how to remediate it. Remediation may vary depending on, for example, whether the cause was from within the organization, or external, such as from a client.
-
Publication number: US20210243605A1
Publication date: 2021-08-05
Application number: US16779226
Filing date: 2020-01-31
Applicant: salesforce.com, inc.
Inventor: Ramesh RAMANI, Anurag Bhatt
IPC: H04W12/08, G06F12/0804, H04W12/06, H04W12/00
Abstract: Updating firewalls can be difficult if many devices need to be manually reconfigured. To assist, vendors provide management tools. If the tool requires manual adding/deleting known firewalls, this is problematic in networks with many devices. If devices are hosted within a virtual private cloud, the tool may adopt a centralized “star” configuration and maintain live contact with all firewalls. This exposes firewalls to risk if the central tool is compromised. An alternative to a central tool is to implement a tool local to an environment, secure the tool with multi-level authentication, and provide automatic active firewall discovery, e.g., automate adding/deleting firewalls in an environment defined with respect to criteria that may be used to define a collection of active firewalls. Configuration changes may be pushed to the collection. Authentication credentials to access the firewalls are ephemerally cached and flushed after use so the tool cannot be compromised.
-