MX2020011454A - Detecting credential compromise in a cloud resource - Google Patents
Detecting credential compromise in a cloud resource
- Publication number
- MX2020011454A
- Authority
- MX
- Mexico
- Prior art keywords
- server instance
- network
- network address
- credentials
- cloud resource
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/51—Discovery or management thereof, e.g. service location protocol [SLP] or web services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/52—Network services specially adapted for the location of the user terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/566—Grouping or aggregating service requests, e.g. for unified processing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The present invention relates to a computer-implemented method that may include initializing a server instance using a specified network address and an associated set of credentials, logging the network address of the initialized server instance as well as the associated set of credentials in a data log, analyzing network service requests to determine that a different server instance with a different network address is requesting a network service using the same set of credentials, accessing the data log to determine whether the second server instance is using a network address that is known to be valid within the network and, upon determining that the second server instance is not using a known network address, preventing the second server instance from performing specified tasks within the network. Various other methods, systems, and computer-readable media are also described.
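The flow in the abstract, as an added Python sketch that is not code from the patent or its assignee: a launch registry plays the role of the data log, and each service request is checked against it. The log field names, the sample addresses, the `review` verdict for a known-but-different address, and the refusal of credentials with no launch record are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample service-request log (JSON lines); field names are assumptions.
SAMPLE_REQUESTS = """\
{"ts": "2019-05-08T10:00:01Z", "credential_id": "cred-A", "source_ip": "10.0.1.15"}
{"ts": "2019-05-08T10:00:02Z", "credential_id": "cred-B", "source_ip": "10.0.2.20"}
{"ts": "2019-05-08T10:00:09Z", "credential_id": "cred-A", "source_ip": "10.0.2.20"}
{"ts": "2019-05-08T10:00:14Z", "credential_id": "cred-A", "source_ip": "203.0.113.77"}
{"ts": "2019-05-08T10:00:15Z", "credential_id": "cred-A", "source_ip": "not-an-address"}
"""


class LaunchRegistry:
    """Data log of (network address, credential set) pairs written at instance start."""

    def __init__(self):
        self.addresses_by_credential = {}  # credential_id -> set of launch addresses
        self.known_addresses = set()       # every address launched inside the network

    def register_instance(self, address, credential_id):
        ip = ipaddress.ip_address(address)
        self.addresses_by_credential.setdefault(credential_id, set()).add(ip)
        self.known_addresses.add(ip)

    def evaluate(self, credential_id, source_ip):
        """Return (verdict, reason) for one service request."""
        try:
            ip = ipaddress.ip_address(source_ip)
        except ValueError:
            return "deny", "source address does not parse"
        issued_to = self.addresses_by_credential.get(credential_id)
        if issued_to is None:
            # Assumption of this example: no launch record means no access.
            return "deny", "credential set has no launch record"
        if ip in issued_to:
            return "allow", "address matches the launch record"
        if ip in self.known_addresses:
            # Same credentials from a different instance whose address is valid
            # in the network. The abstract only blocks unknown addresses;
            # surfacing this case for review is an assumption of this example.
            return "review", "credential set used by another known instance"
        return "deny", "credential set used from an unknown address"


def build_sample_registry():
    """Registry holding two constructed launches."""
    registry = LaunchRegistry()
    registry.register_instance("10.0.1.15", "cred-A")
    registry.register_instance("10.0.2.20", "cred-B")
    return registry


def analyze(log_text, registry):
    """Evaluate every request line and return one result dict per request."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        request = json.loads(line)
        verdict, reason = registry.evaluate(request["credential_id"], request["source_ip"])
        results.append({**request, "verdict": verdict, "reason": reason})
    return results


if __name__ == "__main__":
    for row in analyze(SAMPLE_REQUESTS, build_sample_registry()):
        print(row["ts"], row["credential_id"], row["source_ip"], row["verdict"], row["reason"])
```

Comparing parsed `ipaddress` objects rather than raw strings keeps differently formatted spellings of the same address from producing a false mismatch.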
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201862669313P | 2018-05-09 | 2018-05-09 | |
US201862756460P | 2018-11-06 | 2018-11-06 | |
US16/402,213 US11275824B2 (en) | 2018-05-09 | 2019-05-02 | Detecting credential compromise in a cloud resource |
PCT/US2019/031387 WO2019217595A1 (en) | 2018-05-09 | 2019-05-08 | Detecting credential compromise in a cloud resource |
Publications (1)
Publication Number | Publication Date |
---|---|
MX2020011454A (es) | 2020-12-07 |
Family
ID=68463711
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MX2020011454A (es) | 2018-05-09 | 2019-05-08 | Detecting credential compromise in a cloud resource |
Country Status (7)
Country | Link |
---|---|
US (3) | US11263305B2 (es) |
EP (1) | EP3791549A1 (es) |
AU (1) | AU2019265709B2 (es) |
BR (1) | BR112020022500A2 (es) |
CA (1) | CA3097671A1 (es) |
MX (1) | MX2020011454A (es) |
WO (1) | WO2019217595A1 (es) |
Families Citing this family (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11263305B2 (en) | 2018-05-09 | 2022-03-01 | Netflix, Inc. | Multilayered approach to protecting cloud credentials |
US11032318B2 (en) * | 2018-08-06 | 2021-06-08 | Juniper Networks, Inc. | Network monitoring based on distribution of false account credentials |
US11089056B2 (en) * | 2018-09-28 | 2021-08-10 | Sophos Limited | Intrusion detection with honeypot keys |
US11190514B2 (en) * | 2019-06-17 | 2021-11-30 | Microsoft Technology Licensing, Llc | Client-server security enhancement using information accessed from access tokens |
US11356485B2 (en) * | 2019-06-28 | 2022-06-07 | International Business Machines Corporation | Pre-signed URLs with custom policies for data access in an object storage system |
US11363018B2 (en) * | 2019-08-06 | 2022-06-14 | Bitglass, Llc | Verifying user device access rights for application data requests |
US20210067554A1 (en) * | 2019-09-03 | 2021-03-04 | ITsMine Ltd. | Real-time notifications on data breach detected in a computerized environment |
US11082256B2 (en) | 2019-09-24 | 2021-08-03 | Pribit Technology, Inc. | System for controlling network access of terminal based on tunnel and method thereof |
US11652801B2 (en) | 2019-09-24 | 2023-05-16 | Pribit Technology, Inc. | Network access control system and method therefor |
US11271777B2 (en) | 2019-09-24 | 2022-03-08 | Pribit Technology, Inc. | System for controlling network access of terminal based on tunnel and method thereof |
US11190494B2 (en) | 2019-09-24 | 2021-11-30 | Pribit Technology, Inc. | Application whitelist using a controlled node flow |
US10855660B1 (en) | 2020-04-30 | 2020-12-01 | Snowflake Inc. | Private virtual network replication of cloud databases |
US11477183B1 (en) * | 2020-06-29 | 2022-10-18 | Amazon Technologies, Inc. | Application-based management of security credential revocations |
US11334661B1 (en) | 2020-06-29 | 2022-05-17 | Amazon Technologies, Inc. | Security credential revocations in a cloud provider network |
US11848998B2 (en) * | 2020-07-29 | 2023-12-19 | Control Plane Corporation | Cross-cloud workload identity virtualization |
CN112333030B (zh) * | 2020-11-24 | 2023-07-18 | 北京百度网讯科技有限公司 | Method, apparatus, electronic device and storage medium for communication between private networks |
US11556402B2 (en) * | 2021-01-27 | 2023-01-17 | Salesforce, Inc. | Metadata plane for application programming interface |
US11178188B1 (en) | 2021-04-22 | 2021-11-16 | Netskope, Inc. | Synthetic request injection to generate metadata for cloud policy enforcement |
US11336698B1 (en) | 2021-04-22 | 2022-05-17 | Netskope, Inc. | Synthetic request injection for cloud policy enforcement |
US11190550B1 (en) | 2021-04-22 | 2021-11-30 | Netskope, Inc. | Synthetic request injection to improve object security posture for cloud security enforcement |
US11184403B1 (en) | 2021-04-23 | 2021-11-23 | Netskope, Inc. | Synthetic request injection to generate metadata at points of presence for cloud security enforcement |
US11647052B2 (en) * | 2021-04-22 | 2023-05-09 | Netskope, Inc. | Synthetic request injection to retrieve expired metadata for cloud policy enforcement |
US11271973B1 (en) | 2021-04-23 | 2022-03-08 | Netskope, Inc. | Synthetic request injection to retrieve object metadata for cloud policy enforcement |
US11271972B1 (en) | 2021-04-23 | 2022-03-08 | Netskope, Inc. | Data flow logic for synthetic request injection for cloud security enforcement |
US20230039162A1 (en) * | 2021-08-09 | 2023-02-09 | Salesforce.Com, Inc. | Automated external ip address discovery of services in a public cloud environment |
US11943260B2 (en) | 2022-02-02 | 2024-03-26 | Netskope, Inc. | Synthetic request injection to retrieve metadata for cloud policy enforcement |
US20230319087A1 (en) * | 2022-03-30 | 2023-10-05 | Attivo Networks Inc. | Systems, methods, and devices for preventing credential passing attacks |
Family Cites Families (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7991697B2 (en) * | 2002-12-16 | 2011-08-02 | Irdeto Usa, Inc. | Method and system to digitally sign and deliver content in a geographically controlled manner via a network |
US7219142B1 (en) * | 2002-10-21 | 2007-05-15 | Ipolicy Networks, Inc. | Scoping of policies in a hierarchical customer service management system |
US20120173732A1 (en) * | 2002-10-22 | 2012-07-05 | Sullivan Jason A | Systems and methods for providing resources and interactivity in computer systems |
US7453852B2 (en) * | 2003-07-14 | 2008-11-18 | Lucent Technologies Inc. | Method and system for mobility across heterogeneous address spaces |
US20090094682A1 (en) * | 2007-10-05 | 2009-04-09 | Peter Sage | Methods and systems for user authorization |
US9886599B2 (en) * | 2008-04-02 | 2018-02-06 | Yougetitback Limited | Display of information through auxiliary user interface |
US8619779B2 (en) * | 2009-09-30 | 2013-12-31 | Alcatel Lucent | Scalable architecture for enterprise extension in a cloud topology |
CA2694326A1 (en) * | 2010-03-10 | 2010-05-18 | Ibm Canada Limited - Ibm Canada Limitee | A method and system for preventing cross-site request forgery attacks on a server |
US8694777B2 (en) | 2010-08-13 | 2014-04-08 | International Business Machines Corporation | Securely identifying host systems |
US8566449B2 (en) * | 2010-12-03 | 2013-10-22 | Salesforce.Com, Inc. | Method and system for validating configuration data in a multi-tenant environment |
US8655773B1 (en) * | 2012-01-26 | 2014-02-18 | Intuit Inc. | Geo-location based underwriting |
KR101312125B1 (ko) * | 2012-02-22 | 2013-09-26 | 주식회사 팬택 | Content filtering apparatus and method |
US8990392B1 (en) * | 2012-04-11 | 2015-03-24 | NCC Group Inc. | Assessing a computing resource for compliance with a computing resource policy regime specification |
US8838961B2 (en) | 2012-09-14 | 2014-09-16 | Netflix, Inc. | Security credential deployment in cloud environment |
US9485276B2 (en) * | 2012-09-28 | 2016-11-01 | Juniper Networks, Inc. | Dynamic service handling using a honeypot |
US10593003B2 (en) * | 2013-03-14 | 2020-03-17 | Securiport Llc | Systems, methods and apparatuses for identifying person of interest |
US8997232B2 (en) * | 2013-04-22 | 2015-03-31 | Imperva, Inc. | Iterative automatic generation of attribute values for rules of a web application layer attack detector |
US9288193B1 (en) | 2013-06-25 | 2016-03-15 | Intuit Inc. | Authenticating cloud services |
US9197709B2 (en) * | 2013-09-27 | 2015-11-24 | Level 3 Communications, Llc | Provisioning dedicated network resources with API services |
US9774709B2 (en) * | 2013-11-18 | 2017-09-26 | Cable Television Laboratories, Inc. | Service discovery |
US9882929B1 (en) * | 2014-09-30 | 2018-01-30 | Palo Alto Networks, Inc. | Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network |
US10218776B2 (en) * | 2014-10-14 | 2019-02-26 | Nokia Of America Corporation | Distribution of cloud services in a cloud environment |
US9807079B2 (en) * | 2014-10-23 | 2017-10-31 | Palo Alto Network, Inc. | Single sign on proxy for regulating access to a cloud service |
US9553885B2 (en) * | 2015-06-08 | 2017-01-24 | Illusive Networks Ltd. | System and method for creation, deployment and management of augmented attacker map |
US10313455B2 (en) * | 2015-08-31 | 2019-06-04 | Ayla Networks, Inc. | Data streaming service for an internet-of-things platform |
US9521606B1 (en) * | 2015-09-22 | 2016-12-13 | Veniam, Inc. | Systems and methods for interfacing with a network of moving things |
US20180316764A1 (en) * | 2015-11-10 | 2018-11-01 | Veniam, Inc. | Captive portal-related control and management in a network of moving things |
US10291634B2 (en) * | 2015-12-09 | 2019-05-14 | Checkpoint Software Technologies Ltd. | System and method for determining summary events of an attack |
US10523636B2 (en) * | 2016-02-04 | 2019-12-31 | Airwatch Llc | Enterprise mobility management and network micro-segmentation |
US10298577B1 (en) * | 2016-03-31 | 2019-05-21 | Amazon Technologies, Inc. | Credential vending to processes |
US20170317999A1 (en) * | 2016-04-27 | 2017-11-02 | Cisco Technology, Inc. | Security credential protection with cloud services |
US10587651B2 (en) | 2016-05-22 | 2020-03-10 | Guardicore Ltd. | Protection of cloud-provider system using scattered honeypots |
US10129177B2 (en) * | 2016-05-23 | 2018-11-13 | Cisco Technology, Inc. | Inter-cloud broker for hybrid cloud networks |
US10313404B2 (en) * | 2016-06-30 | 2019-06-04 | Microsoft Technology Licensing, Llc | Sharing user context and preferences |
GB2551792B (en) * | 2016-06-30 | 2019-02-13 | Sophos Ltd | Elastic outbound gateway |
US10237240B2 (en) * | 2016-07-21 | 2019-03-19 | AT&T Global Network Services (U.K.) B.V. | Assessing risk associated with firewall rules |
US20180115551A1 (en) * | 2016-10-20 | 2018-04-26 | Brian Cole | Proxy system for securely provisioning computing resources in cloud computing environment |
US10594657B1 (en) * | 2016-11-02 | 2020-03-17 | F5 Networks, Inc. | Methods for parameterized sub-policy evaluation for fine grain access control during a session and devices thereof |
US20190173880A1 (en) * | 2017-12-04 | 2019-06-06 | Samsung Electronics Co., Ltd. | Secure node management using selective authorization attestation |
CN107995499B (zh) * | 2017-12-04 | 2021-07-23 | 腾讯科技(深圳)有限公司 | Media data processing method, apparatus and related device |
US10728245B2 (en) * | 2017-12-07 | 2020-07-28 | Ca, Inc. | HTTP proxy authentication using custom headers |
US11470115B2 (en) * | 2018-02-09 | 2022-10-11 | Attivo Networks, Inc. | Implementing decoys in a network environment |
US11405357B2 (en) * | 2018-04-27 | 2022-08-02 | Cloudflare, Inc. | Protecting internet of things (IoT) devices at the network level |
US10855540B2 (en) * | 2018-05-02 | 2020-12-01 | Hitachi, Ltd. | System and method for policy based networked application management |
US11263305B2 (en) | 2018-05-09 | 2022-03-01 | Netflix, Inc. | Multilayered approach to protecting cloud credentials |
US11516182B2 (en) * | 2019-04-10 | 2022-11-29 | Google Llc | Firewall rules intelligence |
-
2019
- 2019-04-25 US US16/393,958 patent/US11263305B2/en active Active
- 2019-05-02 US US16/402,213 patent/US11275824B2/en active Active
- 2019-05-02 US US16/402,210 patent/US11328053B2/en active Active
- 2019-05-08 AU AU2019265709A patent/AU2019265709B2/en active Active
- 2019-05-08 WO PCT/US2019/031387 patent/WO2019217595A1/en unknown
- 2019-05-08 CA CA3097671A patent/CA3097671A1/en active Pending
- 2019-05-08 EP EP19728180.1A patent/EP3791549A1/en active Pending
- 2019-05-08 BR BR112020022500-2A patent/BR112020022500A2/pt unknown
- 2019-05-08 MX MX2020011454A patent/MX2020011454A/es unknown
Also Published As
Publication number | Publication date |
---|---|
AU2019265709B2 (en) | 2024-05-30 |
US20190349369A1 (en) | 2019-11-14 |
AU2019265709A1 (en) | 2020-11-19 |
US20190347404A1 (en) | 2019-11-14 |
US11275824B2 (en) | 2022-03-15 |
US11263305B2 (en) | 2022-03-01 |
EP3791549A1 (en) | 2021-03-17 |
US20190349405A1 (en) | 2019-11-14 |
BR112020022500A2 (pt) | 2021-02-09 |
US11328053B2 (en) | 2022-05-10 |
CA3097671A1 (en) | 2019-11-14 |
WO2019217595A1 (en) | 2019-11-14 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
MX2020011454A (es) | Detecting credential compromise in a cloud resource | |
PH12019501854A1 (en) | Trusted login method, server, and system | |
US10992818B2 (en) | Usage tracking for software as a service (SaaS) applications | |
MY201796A (en) | Authentication method and blockchain-based authentication data processing method and device | |
SG10201907254XA (en) | Text address processing method and apparatus | |
US9998474B2 (en) | Secure assertion attribute for a federated log in | |
US20180121657A1 (en) | Security risk evaluation | |
WO2016165536A1 (zh) | Identity verification method and device | |
JP2014142928A5 (es) | ||
US10206099B1 (en) | Geolocation-based two-factor authentication | |
JP2016532934A5 (es) | ||
GB2549227A (en) | Secure data management techniques | |
SG11201806394TA (en) | Service implementation method and device | |
WO2014182606A8 (en) | Approximate privacy indexing for search queries on online social networks | |
IN2015DE01659A (es) | ||
MX2015007187A (es) | Intelligent and automated extraction and verification of website data. | |
WO2016073457A3 (en) | Identifying a potential ddos attack using statistical analysis | |
JP2016525247A5 (es) | ||
PH12019501176B1 (en) | Wireless network type detection method and apparatus, and electronic device | |
EP4280545A3 (en) | Differentially private database permissions system | |
MX2022005322A (es) | Page simulation system. | |
WO2017109502A3 (en) | Methods, apparatuses, and computer programs for data processing, and hierarchical domain name system zone files | |
MX2015015510A (es) | Method and apparatus for accessing a network. | |
GB2573726A (en) | Systems and methods for authenticating platform trust in a network function virtualization environment | |
GB2569476A (en) | Standard and non-standard dispersed storage network data access |