H04W12/088

SYSTEM AND METHOD OF NETWORKING SECURITY FOR VIRTUALIZED BASE STATION

Systems and methods for implementing IPsec connections for one or more virtualized base station entities are provided.

MACHINE LEARNING CAPABLE MAC FILTERING FOR ENFORCING EDGE SECURITY OVER MAC RANDOMIZATION IN WLAN NETWORKS
20230006967 · 2023-01-05

A specific connection request is refused responsive to a match on the MAC ban list. If not on the MAC ban list, and a station has MAC randomization enabled, the specific connection request is also checked against the hostname ban list, wherein the specific connection request is refused responsive to a match on the hostname ban list. The specific new connection request is allowed to proceed responsive to not matching the MAC ban list and not matching the hostname ban list.

SYSTEMS AND METHODS FOR NETWORK ANOMALIES MANAGEMENT
20230007485 · 2023-01-05

Aspects of the subject disclosure may include, for example, obtaining first data from a first gateway device located at a first location, the first gateway device having had first network traffic pass therethrough, the first data having been generated by a first user plane function that is operative on the first gateway device, the first data being indicative of a first network traffic anomaly associated with the first network traffic that had passed through the first gateway device, and the first network traffic anomaly having been detected by the first user plane function; determining via a control plane function, based at least in part upon the first data, whether a corrective action should be taken as a result of the first network traffic anomaly that is indicated by the first data, the determining resulting in a determination; and responsive to the determination being that the corrective action should be taken as the result of the first network traffic anomaly that is indicated by the first data, sending via the control plane function an instruction to the first user plane function, the instruction that is sent to the first user plane function instructing the first user plane function to take the corrective action with respect to the first network traffic anomaly. Other embodiments are disclosed.

ATTACK ANALYZER, ATTACK ANALYSIS METHOD AND ATTACK ANALYSIS PROGRAM
20230007034 · 2023-01-05

An attack analyzer includes: a security log acquisition unit acquiring a security log including an abnormality detection signal generated by a security sensor mounted on an electronic control device constituting part of an electronic control system and indicating that the security sensor has detected an abnormality; an alive signal acquisition unit acquiring an alive signal; a prediction table storage unit storing a prediction table showing a correspondence relationship between a predicted attack route in the electronic control system and a predicted abnormality detection signal predicted to be generated by the security sensor; an attack route estimation unit estimating, using the prediction table, the attack route of an attack received by the electronic control system from the abnormality detection signal and the alive signal included in the security log; and an attack information output unit outputting attack information indicating the attack route.

System and method for securing communication between devices on a network with multiple access points
11546251 · 2023-01-03

Systems and methods for managing communication of a plurality of devices in a computer network having a plurality of access points, including identifying, by a second access point of the computer network, a communication request from at least one device of the plurality of devices; sending, by a first access point of the computer network, at least one communication rule to the second access point, the at least one communication rule including conditions for communication corresponding to the identified communication request; and blocking, by the second access point, communication to the second access point when the received communication request is inadmissible according to the at least one communication rule.

NGFW (next generation firewall) security inspection over multiple sessions of message session relay protocol (MSRP) on a data communication network
11546769 · 2023-01-03

One or more MSRP data packets are received from a first MSRP session, creating a first log entry. One or more MSRP data packets are also received from a second MSRP session, creating a second log entry. A correlation between the first and second MSRP sessions based on MDNs can be detected, and the correlating information mapped to malicious activity. The mapping includes reconstructing MSRP messages sent from a source and encapsulated in a data field of the packets, including MDNs, and matching to at least one threat from a malicious activity database. In response to the threat matching, a security action is conducted on the first and second MSRP sessions.

Management of communication between a terminal and a server of a network
11540336 · 2022-12-27

A management method is described, the method implemented by a transmission device capable of communicating via a first wireless with a gateway device forming a node of a telecommunication network and configured to communicate with at least one server of the network via the gateway device. The method can include establishing a secure communication session with a terminal included in a list of terminals for which the transmission device has obtained management data. The method can also include receiving via the first communication link a request to end the management of the terminal, and removing the terminal from the list following the receipt of the request. A transmission device which can be used to implement the management method is also described.

Customer control of their mobile assets
11540131 · 2022-12-27

Systems, methods, and devices for secure and configurable control of user equipment (UE) devices associated with enterprise accounts are disclosed herein. Each enterprise account is associated with a plurality of UE devices, which may access networked assets associated with the enterprise. In order to manage UE device access to enterprise assets and to other networks via an internet connection through a wireless telecommunications network, data associated with different enterprise accounts is virtually separated at the edge routers and maintained as separate data streams to distinct virtual environments associated with the enterprise accounts at one or more asset hosting servers. The virtual environments on the asset hosting servers further facilitate enterprise-specific control of mobile assets, such as enforcing security policies relating to access, connections, filtering, or encryption.
