公开(公告)号：US10587703B2

公开(公告)日：2020-03-10

申请号：US15875730

申请日：2018-01-19

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo ,  Kenneth Bell ,  Mark Howell ,  Manbir Chauhan

IPC: G06F15/173 ,  H04L29/08 ,  H04L29/06 ,  H04L12/46

Abstract: Technology for providing communication connectivity between network entities located in different isolated communication networks through a centralized cloud service. A cloud service connector in a source communication network receives an initial connection request from a source end point device in the source communication network, and determines a customer name and requested service associated with the port number indicated in the request. Mappings are established between the source end point device and a destination end point device that provides the requested service from within a destination communication network that is associated with the customer name. Network traffic is conveyed between the source end point device and the destination end point device through the cloud service by tunneling packets over connections between the cloud service connector in the source communication network and the cloud service and between a cloud service connector in the destination communication network and the cloud service.

公开(公告)号：US20190342314A1

公开(公告)日：2019-11-07

申请号：US16402819

申请日：2019-05-03

Applicant: Citrix Systems, Inc.

Inventor： Christopher Fleck ,  Kenneth Bell

IPC: H04L29/06 ,  H04L29/08

Abstract: The present disclosure is related to systems and methods of monitoring data of a network application. An embedded browser of a client application on a client device may initiate a request to access a network application hosted on a server. The client application may, responsive to the request, establish a secure session to communicate data of the network application to the client application for rendering in a display region of the embedded browser. The client application may decrypt the data communicated via the established secure session to monitor the network application.

公开(公告)号：US10284595B2

公开(公告)日：2019-05-07

申请号：US15148400

申请日：2016-05-06

Applicant: Citrix Systems, Inc.

Inventor： Anoop Reddy ,  Kenneth Bell ,  Georgios Oikonomou ,  Kurt Roemer

IPC: H04L29/06

Abstract: The present disclosure is directed towards systems and methods for evaluating or mitigating a network attack. A device determines one or more client internet protocol addresses associated with the attack on the service. The device assigns a severity score to the attack based on a type of the attack. The device identifies a probability of a user account accessing the service during an attack window based on the type of attack. The device generates an impact score for the user account based on the severity score and the probability of the user account accessing the service during the attack window. The device selects a mitigation policy for the user account based on the impact score.

公开(公告)号：US20190036911A1

公开(公告)日：2019-01-31

申请号：US16149626

申请日：2018-10-02

Applicant: Citrix Systems, Inc.

Inventor： Kenneth Bell ,  Anoop Reddy

IPC: H04L29/06

Abstract: The present disclosure is directed towards systems and methods for scanning of a target range of IP addresses to verify security certificates associated with the target range of IP addresses. Network traffic may be monitored between a plurality of clients and a plurality of serves over an IP address space. Traffic monitors positioned intermediary to the plurality of client and the plurality of servers can identify a target range of IP addresses in the address space for targeted scanning. The target range of IP address may be grouped into a priority queue and a scan can be performed of the target range of IP addresses to verify a security certificate associated with each IP address in the target range of IP addresses. In some embodiments, a rogue security certificate is detected that is associated with at least one IP address in the target range of IP addresses.

公开(公告)号：US20160330245A1

公开(公告)日：2016-11-10

申请号：US15148425

申请日：2016-05-06

Applicant: Citrix Systems, Inc.

Inventor： Kenneth Bell ,  Anoop Reddy

IPC: H04L29/06 ,  H04L12/26 ,  H04L29/12

CPC classification number: H04L63/0823 ,  H04L43/0876 ,  H04L61/1511 ,  H04L61/2007 ,  H04L61/35 ,  H04L63/1433

Abstract: The present disclosure is directed towards systems and methods for scanning of a target range of IP addresses to verify security certificates associated with the target range of IP addresses. Network traffic may be monitored between a plurality of clients and a plurality of serves over an IP address space. Traffic monitors positioned intermediary to the plurality of client and the plurality of servers can identify a target range of IP addresses in the address space for targeted scanning. The target range of IP address may be grouped into a priority queue and a scan can be performed of the target range of IP addresses to verify a security certificate associated with each IP address in the target range of IP addresses. In some embodiments, a rogue security certificate is detected that is associated with at least one IP address in the target range of IP addresses.

Abstract translation: 本公开涉及用于扫描目标IP地址范围以验证与目标IP地址范围相关联的安全证书的系统和方法。 可以在多个客户端之间监视网络流量，并通过IP地址空间来监视多个服务。 位于多个客户端中间的交通监视器，并且多个服务器可以识别用于目标扫描的地址空间中的IP地址的目标范围。 IP地址的目标范围可以被分组为优先级队列，并且可以执行IP地址的目标范围的扫描，以验证与IP地址的目标范围中的每个IP地址相关联的安全证书。 在一些实施例中，检测到与IP地址的目标范围中的至少一个IP地址相关联的流氓安全证书。

公开(公告)号：US20160330230A1

公开(公告)日：2016-11-10

申请号：US15148374

申请日：2016-05-06

Applicant: Citrix Systems, Inc.

Inventor： Anoop Reddy ,  Kenneth Bell ,  Georgios Oikonomou ,  Kurt Roemer

IPC: H04L29/06 ,  H04L29/12

CPC classification number: H04L63/1433 ,  G06F9/45533 ,  G06F9/45558 ,  G06F2009/45587 ,  H04L9/002 ,  H04L9/3268 ,  H04L61/1511 ,  H04L61/6013 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/0884 ,  H04L63/14 ,  H04L63/1416 ,  H04L63/166 ,  H04L67/42

Abstract: The disclosure is directed to a system for improving security of SSL communications. The system can include an device intermediary between one or more servers, one or more clients, a plurality of agents, and a web service. The servers can be configured to receive SSL connections and issue SSL certificates. The device can include a virtual server associated with a respective one of the servers, such that the SSL certificate of the respective server is transmitted through the device. The device can generate service fingerprints for the one or more servers. Each service fingerprint can include information corresponding to an SSL certificate of the virtual server, one or more DNS aliases for a virtual IP address of the respective virtual server, one or more port numbers serving the SSL certificate, and an IP address serviced by the device. The device also can transmit the service fingerprints to a web service.

Abstract translation: 本公开涉及一种用于提高SSL通信安全性的系统。 系统可以包括一个或多个服务器之间的设备中介，一个或多个客户端，多个代理和web服务。 服务器可以配置为接收SSL连接并发出SSL证书。 该设备可以包括与相应的一个服务器相关联的虚拟服务器，使得相应服务器的SSL证书通过设备传输。 设备可以为一个或多个服务器生成服务指纹。 每个服务指纹可以包括与虚拟服务器的SSL证书相对应的信息，用于各个虚拟服务器的虚拟IP地址的一个或多个DNS别名，用于SSL证书的一个或多个端口号以及由该设备服务的IP地址 。 该设备还可以将服务指纹发送到Web服务。