摘要:
A service is described that discovers the physical locations of a computer's connections to logical networks and provides that information to applications. The service decides which method or methods for discovering physical location information are applicable to each network interface on the computer, applies those methods, and collects the results. The results are then converted into a common format. In addition to physical location, the information may include estimates of the quality and reliability of the information, such as error ranges and confidence intervals, and the methods used to gather the information. The information is made available to whatever system services and applications need it. Clients of the physical location information may be notified when the information provided to them changes or when new information becomes available. Clients may specify a threshold so that location changes of a magnitude below the threshold are not reported to them.
摘要:
A service is disclosed that discovers information about the logical networks to which a computer is connected and provides that information to applications. The information is keyed to names constructed by the service. There is a mapping between the names and the logical networks. Applications may rely on the names when selecting a configuration to use with a given logical network. The network name may be correlated with other information, such as physical network interface(s) on the computer through which the logical network is accessible, application programming interfaces of the transport protocols supported by the logical network, and the connectivity type of the logical network. Applications are notified when network information provided to them changes or when new information becomes available.
摘要:
A service is disclosed that discovers information about the logical networks to which a computer is connected and provides that information to applications. The information is keyed to names constructed by the service. There is a mapping between the names and the logical networks. Applications may rely on the names when selecting a configuration to use with a given logical network. The network name may be correlated with other information, such as physical network interface(s) on the computer through which the logical network is accessible, application programming interfaces of the transport protocols supported by the logical network, and the connectivity type of the logical network. Applications are notified when network information provided to them changes or when new information becomes available.
摘要:
Dynamic demultiplexing of network traffic to maximize availability of a source restricting service is disclosed. In one embodiment, a request is received from a host associated with a first network space to establish a connection to a source restricting service associated with a second network space. In one embodiment, the request is received at a node configured to use network address translation or similar techniques to facilitate communication between hosts associated with the first network on the one hand and hosts associated with the second network on the other. If establishing the requested connection using a first source identifier would result in a per source limit associated with the source restricting service being exceeded with respect to the first source identifier, a second source identifier is instead used to establish the requested connection.
摘要:
In general, techniques are described for provisioning layer two access in computer networks. A network device located in a public network comprising an interface and a control unit may implement the techniques. The interface establishes a session with a mobile device. The control unit requests security state data identifying a security state of the mobile device via the established session. The interface receives a mobile device identifier and the security state data from the mobile device via the session. The mobile device identifier identifies the mobile device. The control unit publishes the security state information to a database such that the security state information is associated with the mobile device identifier.
摘要:
A device receives, from a managed device, endpoint information associated with an unmanaged device connected to the managed device in a network. The device also receives unmanaged device information that partially identifies the unmanaged device, and completely identifies the unmanaged device based on the endpoint information and the unmanaged device information.
摘要:
A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
摘要:
A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client in accordance with an authentication protocol, and authenticate the client based on a comparison of the first form to a value derived from a second form of the password stored in a password database. The comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client over the secure connection, authenticate the client by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client when the authentication server receives the first form.
摘要:
A user device receives a captured image of an encoded identifier, analyzes the encoded identifier via the captured image, and extracts, based on the analysis, network access configuration data from the encoded identifier. The user device provides the network access configuration data to a network access control (NAC) device, and receives, based on the network access configuration data, access to the NAC device. The user device permits the NAC device to inspect the user device via the access to the NAC device, and receives, based on the inspection of the user device, access to a network.
摘要:
In general, the invention is directed toward techniques for controlling access to a network or other computing resource in order to slow down the execution of a password attack while providing minimal obstruction to normal network activity. The method includes generating a history of successful network logins, detecting symptoms of a network password attack, and activating countermeasures in response to the detection. The method further includes receiving a valid login request from the user while the countermeasures are activated and analyzing the history of successful network logins to determine whether the valid login request satisfies a match condition. The method further includes granting the user access to the network when the valid login request satisfies the match condition and denying the user access to the network when the valid login request does not satisfy the match condition even though the valid login request contains a valid username and a valid password.