H04L63/0209

PHYSICALLY SECURED NETWORK ACCESS CONTROL DEVICES AND SYSTEMS
20220337550 · 2022-10-20

A network security system includes a barrier surrounding an enclosure. The enclosure contains a first network and a first networked device connected to the first network. The barrier prevents the first network from breaching the enclosure and permits a second network to penetrate a first portion of the barrier. A container located within the enclosure mounts to the first portion of the barrier, such that a second portion of the container superposes the first portion of the barrier. The container permits the first network and the second network to enter the container. The container prevents the second network from breaching the container and entering a third portion of the enclosure located outside the container. A firewall device located within the container controls network traffic between the first networked device and a second networked device connected to the second network.

Methods and systems for protecting a secured network

Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.

METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATING PERIPHERAL DEVICE
20230127607 · 2023-04-27

Methods, devices, and computer program products for authenticating a peripheral device are provided in embodiments of the present disclosure. In one method, a peripheral device sends, to an edge device, a first authentication request for at least the peripheral device to use resources of the edge device, the first authentication request comprising at least a first identifier associated with the peripheral device and location information of the peripheral device. Then, the peripheral device receives an authentication success or failure indication from the edge device. In this way, effective authentication of a peripheral device can be realized with a less complicated authentication process, so that the security of access of the peripheral device to a virtual desktop can be improved while ensuring good user experience.

IN-VEHICLE CONTROL APPARATUS
20230128557 · 2023-04-27

An in-vehicle control system mounted on a vehicle includes: a first control unit; a second control unit connected to the first control unit via a first communication path; and a third control unit connected to the second control unit via a second communication path. The second control unit has an internal communication path configured to be able to connect the first communication path and the second communication path and connects the first communication path and the second communication path via the internal communication path when the vehicle is in a predetermined operation state.

Overload protection engine

A fabric interface, including: an ingress port to receive incoming network traffic; a host interface to forward the incoming network traffic to a host; and a virtualization-aware overload protection engine including: an overload detector to detect an overload condition on the incoming network traffic; a packet inspector to inspect packets of the incoming network traffic; and a prioritizer to identify low priority packets to be dropped, and high priority packets to be forwarded to the host.

Extending Berkeley Packet Filter semantics for hardware offloads

Examples include registering a device driver with an operating system, including registering available hardware offloads. The operating system receives a call to a hardware offload, inserts a binary filter representing the hardware offload into a hardware component and causes the execution of the binary filter by the hardware component when the hardware offload is available, and executes the binary filter in software when the hardware offload is not available.

Method and communication unit for the cryptographically protected unidirectional data transmission of payload data between two networks

A method for the cryptographically protected unidirectional data transmission of payload data is provided, wherein one or more data packets including the payload data are transmitted on an end-to-end data transmission link from a first communication unit in a first network via a one-way communication unit, which is arranged between the first network and a second network, to a second communication unit in the second network.

Medical imaging and efficient sharing of medical imaging information

An MRI image processing and analysis system may identify instances of structure in MRI flow data (e.g., coherency) and derive contours and/or clinical markers based on the identified structures. The system may be remotely located from one or more MRI acquisition systems, and perform: error detection and/or correction on MRI data sets (e.g., phase error correction, phase aliasing, signal unwrapping, and/or on other artifacts); segmentation; visualization of flow (e.g., velocity, arterial versus venous flow, shunts) superimposed on anatomical structure; quantification; verification; and/or generation of patient-specific 4-D flow protocols. A protected health information (PHI) service is provided which de-identifies medical study data and allows medical providers to control PHI data, and uploads the de-identified data to an analytics service provider (ASP) system. A web application is provided which merges the PHI data with the de-identified data while keeping control of the PHI data with the medical provider.

Hybrid cloud computing network management with synchronization features across different cloud service providers
11477269 · 2022-10-18

A network manager configures a first node to participate in a node cluster that spans at least a first cloud service provider and a second cloud service provider. The network manager configures a second node to participate in the node cluster. The network manager configures a third node to participate in the node cluster. The network manager initiates the first node as a virtual machine. The network manager initiates the second node as a containerized program. The network manager initiates the third node as a containerized program. The network manager sends messages into the first cloud service and into the second cloud service to cause the containerized program of the second node and the containerized program of the third node to synchronize data such that the containerized program of the second node and the containerized program of the first node perform the same network security actions.

Identifying malware devices with domain name system (DNS) queries
11601466 · 2023-03-07

Various examples described herein are directed to identifying a particular computing device, such as a computing device having malware. A DNS query may be received with a token identifying an originating computing device. The DNS query may be compared to a list of domain names associated with particular characteristics, such as having malware. The token may be used to identify the originating computing device and perform further actions.