Abstract:
Aspects of the subject matter described herein relate to authentication for a distributed secure content management system. In aspects, a request to access a resource available through the Internet is routed to a security component. The security component is one of a plurality of security components distributed throughout the Internet and responsible for authenticating entities associated with an enterprise. The security component determines an authentication protocol to use with the entity and then authenticates the entity. If the entity is authenticated, the entity is allowed to use a forward proxy.
Abstract:
Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
Abstract:
In some embodiments of the invention, techniques may make private identifiers for private network resources usable to establish connections to those private network resources from computing devices connected to an outside network. For example, when a computing device is connected to an outside network and attempting to contact a private network resource, DNS may be used to resolve a domain name for the private network resource to an IP address for an edge resource of the private network. Communications may be passed between the computing device and the edge resource according to protocols which embed the identifier originally used to identify the private network resource. The edge resource of the private network may analyze communications over the connection to determine this identifier, and use it to pass the communication to the desired private network resource.
Abstract:
Given a language with all words in a fixed length, and a set of regular expressions composed only from characters in the alphabet of the language or the “?” sign (any single character), the system of the invention defines a data structure that is used to efficiently find the set of matching regular expressions for a given query word. The system may be adjusted by appropriate selection of a control variable to vary the storage space required and the search time necessary to complete the query. Specifically, the system of the present invention provides a space versus time trade-off between the storage space required for the data structures of the present invention and the amount of time to search those data structures to determine the matching set of regular expressions.
Abstract:
Verification of Internet connectivity using multiple prior connection attempts to Internet destination(s). The Internet destinations may be destinations that have high reliability and that do not easily have intermediating systems that might deny a connection request. Such an Internet destination might be, for example, root Domain Name Server (DNS) servers. Connection attempt results are obtained by tracking, for at least some of the connection attempts, which resulted in success and which in failure. Internet connectivity is then verified based on the collective results, rather than relying on any one single connection attempt. In one embodiment, the frequency of the connection attempts may depend on a current state of the Internet connection.