Security policy check based on communication establishment handshake packet

    Publication (announcement) number: US09825911B1

    Publication (announcement) date: 2017-11-21

    Application number: US14944943

    Application date: 2015-11-18

    Abstract: Systems and methods are disclosed that make security policy decisions based on a packet of a communication establishment handshake. The packet is intercepted and provided to a policy manager. If a security check fails, the communication session is not permitted to be established. In one example, the system includes a network device (e.g., a network address translator) and a policy manager. The network address translator can receive Transmission Control Protocol (TCP) communication session establishment handshake packets and redirect each packet that is part of the TCP handshake to the policy manager rather than to the computing node targeted by the packet. The policy manager prevents the redirected packet from being forwarded to a targeted computing node in the provider network to thereby disallow the communication session from being established based on a comparison of at least information in a header of the packet to a set of security policies.

    Managing failure behavior for computing nodes of provided computer networks

    Publication (announcement) number: US09736016B2

    Publication (announcement) date: 2017-08-15

    Application number: US14631675

    Application date: 2015-02-25

    Abstract: Techniques are described for providing managed computer networks. In some situations, the techniques include managing communications for computing nodes of a managed computer network by using one or more particular computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. In addition, the techniques may include managing the communications in accordance with configured failure behavior specified for one or more computing nodes of the computer network, such as specified failure behavior for a computing node configured to operate as an intermediate destination that indicates how communications that would otherwise be routed via the intermediate destination computing node are to be handled if the intermediate destination computing node fails or is otherwise unavailable (e.g., to block or allow such communications).

    Packet path selection using shuffle sharding

    Publication (announcement) number: US09722932B1

    Publication (announcement) date: 2017-08-01

    Application number: US14526410

    Application date: 2014-10-28

    CPC classification number: H04L47/2441 H04L45/74 H04L47/125

    Abstract: A path selector device of a network receives a network packet. A packet flow category to which the packet belongs is identified. A candidate outbound link set corresponding to the packet flow category, comprising a subset of the available outbound links of the path selector device, is determined. The packet is transmitted on a particular outbound link of the candidate outbound link set. Subsequent packets of the packet flow category are distributed among the members of the candidate outbound link set.

    STANDARDS COMPLIANCE FOR COMPUTING DATA
    56.
    Invention application

    Publication (announcement) number: US20170208099A1

    Publication (announcement) date: 2017-07-20

    Application number: US15479168

    Application date: 2017-04-04

    Abstract: Systems and methods are provided for configuring and monitoring computing resources of an entity for compliance with one or more standards. In one implementation, a server receives one or more identifiers of one or more standards and determines a plurality of configuration settings for the computing resources of the entity, based on the received one or more identifiers. The plurality of configuration settings comply with the one or more standards. The computing resources of the entity are configured according to the plurality of configuration settings. The server detects an event related to the computing resources. The detected event and the plurality of configuration settings are evaluated for compliance with the one or more standards. A determination is made whether the entity is compliant with the one or more standards, based on the evaluation, and an action is taken, based on the determination.

    PROVIDING ACCESS TO REMOTE NETWORKS VIA EXTERNAL ENDPOINTS
    59.
    Invention application (status: in force)

    Publication (announcement) number: US20170070508A1

    Publication (announcement) date: 2017-03-09

    Application number: US15093403

    Application date: 2016-04-07

    Abstract: Systems and methods for providing access to a remote network via an external endpoint are provided. A client establishes a secure connection between an external endpoint and a remote network. Transmissions from clients to the external endpoint are supplemented with additional information regarding handling within the remote network, and then transmitted to an internal endpoint within the remote network. The internal endpoint processes the transmission based on the supplemental information and returns a response to the external endpoint. A response is then returned to the client. Access policies may be created by authorized users to establish processing of client transmissions. These policies may be stored and enforced by the internal endpoint or the external endpoint.
