Fortinet Patent Applications

CUSTOMIZED CONFIGURATION SETTINGS FOR A NETWORK APPLIANCE

Granted: June 5, 2014
Application Number: 20140156812
Methods and systems for temporarily configuring a network appliance in accordance with externally provided customized configuration settings are provided. According to one embodiment, a network appliance may operate in one of multiple configuration modes, including an internal configuration mode and an external configuration mode. When operating in the internal configuration mode, the network appliance loads and runs configuration settings from a memory internal to the network appliance.…

VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH

Granted: May 22, 2014
Application Number: 20140143876
Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A data segment is received by a general purpose processor coupled to a virus co-processor and a memory via an interconnect bus. The memory includes a first signature and a second signature. The first includes a primitive instruction and a Content Pattern Recognition (CPR) instruction stored at contiguous locations in the…

LOAD BALANCING AMONG A CLUSTER OF FIREWALL SECURITY DEVICES

Granted: May 22, 2014
Application Number: 20140143854
A method for balancing load among firewall security devices in a network is disclosed. Firewall security devices are arranged in multiple clusters. A switching device is configured with the firewall security devices by communicating control messages and heartbeat signals. Information regarding the configured firewall security devices is then included in a load balancing table. A load balancing function is configured for enabling the distribution of data traffic received by the switching…

UNPACKING JAVASCRIPT WITH AN ACTIONSCRIPT EMULATOR

Granted: May 1, 2014
Application Number: 20140123284
Methods and systems for detecting an attempt to evaluate embedded JavaScript are provided. According to one embodiment, an ActionScript emulator receives a Flash file to be tested. The emulator implements a modified version of a class typically implemented by a Flash file container. The emulator reveals one or more tagged data blocks (tags) contained within the Flash file by decoding the Flash file. The emulator determines whether the one or more tags are capable of containing…

DETECTION OF HEAP SPRAYING BY FLASH WITH AN ACTIONSCRIPT EMULATOR

Granted: May 1, 2014
Application Number: 20140123283
Methods and systems for detecting heap spraying by ActionScript bytecode (ABC) contained within a Flash file are provided. According to one embodiment, an ActionScript emulator receives a Flash file to be tested. The emulator implements a modified version of a class typically implemented by an ActionScript virtual machine. The emulator reveals one or more tagged data blocks (tags) contained within the Flash file by decoding the Flash file. The emulator determines whether the one or more…

UNPACKING FLASH EXPLOITS WITH AN ACTIONSCRIPT EMULATOR

Granted: May 1, 2014
Application Number: 20140123282
Methods and systems for detecting an attempt to load embedded Flash are provided. According to one embodiment, an ActionScript emulator running on a computer system receives a Flash file to be tested. The ActionScript emulator implements a modified version of a class typically implemented by an ActionScript virtual machine. The ActionScript emulator reveals one or more tagged data blocks (tags) contained within the Flash file by decoding the Flash file. The ActionScript emulator…

DETECTION OF FLASH EXPLOITS WITH AN ACTIONSCRIPT EMULATOR

Granted: May 1, 2014
Application Number: 20140123137
Methods and systems for detecting Flash exploits are provided. According to one embodiment, an ActionScript emulator running on a computer system receives a Flash file to be tested. Responsive to a method implemented by the ActionScript emulator observing one or more predetermined conditions associated with a known Flash exploit, the ActionScript emulator reports existence of the known Flash exploit within the Flash file.

DETECTION OF JIT SPRAYING BY FLASH WITH AN ACTIONSCRIPT EMULATOR

Granted: May 1, 2014
Application Number: 20140122052
Methods and systems for detecting JIT spraying by ActionScript bytecode (ABC) contained within a Flash file are provided. According to one embodiment, an ActionScript emulator receives a Flash file to be tested. The emulator implements a modified version of an operator typically implemented by an ActionScript virtual machine. The emulator reveals one or more tagged data blocks (tags) contained within the Flash file by decoding the Flash file. The emulator determines whether the one or…

SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE

Granted: April 24, 2014
Application Number: 20140115323
Systems and methods for selective authorization of code modules are provided. According to one embodiment, a trusted service provider maintains a cloud-based whitelist containing cryptographic hash values including those of code modules that are approved for execution on computer systems of subscribers of the service provider. A code module information query, including a cryptographic hash value of a code module, is received from a computer system of a subscriber by the service provider.…

CONFIGURING INITIAL SETTINGS OF A NETWORK SECURITY DEVICE VIA A HAND-HELD COMPUTING DEVICE

Granted: April 10, 2014
Application Number: 20140101720
Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are…

EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM

Granted: April 3, 2014
Application Number: 20140096254
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus co-processing is provided. A general purpose processor stores a data segment to its system memory using a virtual address. The system memory has stored therein a page directory and a page table containing information for translating virtual addresses to physical addresses within a physical address space of the system memory. A virus processing…

POLICY-BASED CONTENT FILTERING

Granted: March 27, 2014
Application Number: 20140090014
Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall device maintains a policy database including multiple policies. The policies include information regarding an action to take with respect to a network session based on a set of source internet protocol (IP) addresses, a set of destination IP addresses and/or a network service protocol. When the action is to allow the network session, the policy…

POLICY-BASED CONTENT FILTERING

Granted: March 27, 2014
Application Number: 20140090013
Methods and systems are provided for processing application-level content of network service protocols. According to one embodiment, one or more content processing configuration schemes are defined within a firewall device. Each of the one or more content processing configuration schemes includes multiple content processing configuration settings for one or more network service protocols. The one or more content processing configuration schemes are stored by the firewall device. One or…

SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE

Granted: March 20, 2014
Application Number: 20140082355
Systems and methods for selective authorization of code modules are provided. According to one embodiment, a whitelist containing cryptographic hash values of code modules that are approved for loading into memory of a computer system and execution on the computer system is maintained by a kernel mode driver of the computer system. At least a subset of the cryptographic hash values has been included within the whitelist based upon results of application of one or more behavior analysis…

SYSTEMS AND METHODS FOR CONTENT TYPE CLASSIFICATION

Granted: March 20, 2014
Application Number: 20140079056
Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

SYSTEMS AND METHODS FOR CONTENT TYPE CLASSIFICATION

Granted: March 20, 2014
Application Number: 20140078907
Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.

SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES

Granted: March 13, 2014
Application Number: 20140075187
Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, responsive to a monitored file system or operating system event initiated by an active process, a real-time authentication process is performed or bypassed on a code module to which the monitored event relates with reference to a whitelist that includes cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code. The active…

SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS

Granted: March 6, 2014
Application Number: 20140068749
Systems, methods, and software for processing received network traffic content in view of content detection data and configuration data to block, permit, or further evaluate network traffic content when it enters a network.

SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS

Granted: February 27, 2014
Application Number: 20140059689
Systems, methods, and software for processing received network traffic in view of content detection data and configuration data that defines policies to block, permit, or further evaluate network traffic content according to those policies when the traffic enters a network.

SYSTEMS AND METHODS FOR DETECTING AND PREVENTING FLOODING ATTACKS IN A NETWORK ENVIRONMENT

Granted: February 20, 2014
Application Number: 20140053271
A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes…