• Latest

New Advanced Evasion Techniques Discovered and Disclosed for Global Vulnerability Coordination

14 February, 2011
China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

19 December, 2020
Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

18 December, 2020
TEMSA: Bus exports to be delivered to the heart of the European Union

TEMSA: Bus exports to be delivered to the heart of the European Union

18 December, 2020
EU tries to reshape the rules of the Internet

EU tries to reshape the rules of the Internet

17 December, 2020
Matterport Brings 3D Capture to the iPhone

Matterport Brings 3D Capture to the iPhone

5 May, 2020
NASA Administrator Statement on Agency Coronavirus Status

NASA Administrator Statement on Agency Coronavirus Status

15 March, 2020
Technology Supports Social Distancing in age of Covid-19

Technology Supports Social Distancing in age of Covid-19

15 March, 2020
Second Staff Exchange Between EU CyberSecurity Organizations

Second Staff Exchange Between EU CyberSecurity Organizations

19 February, 2020
Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

16 February, 2020
Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

6 February, 2020
Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

31 January, 2020
Turkish Competition Authority’s Android Decision

Turkish Competition Authority’s Android Decision

18 December, 2019
  • About Us
  • Contact Us
  • Homepage
  • Latest News
  • News Widget
  • Privacy Policy
Thursday, June 1, 2023
Social icon element need JNews Essential plugin to be activated.
  • Login
  • Register
Globaltelconews
Advertisement
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
Globaltelconews
No Result
View All Result

New Advanced Evasion Techniques Discovered and Disclosed for Global Vulnerability Coordination

globaltelconews-admin by globaltelconews-admin
14 February, 2011
in English
0

London, UK February 14, 2011 Stonesoft, an innovative provider of integrated network security and business continuity solutions, today announced it has discovered 124 new advanced evasion techniques (AETs). Samples of these AETs have been delivered to the Computer Emergency Response Team (CERT-FI), who will continue to coordinate a global vulnerability coordination effort.

The discovery of AETs was first reported in October 2010. Since that time, Stonesoft has continued extensive research in the area, which has led to the discovery of 124 new threats. Stonesoft continues to research AETs found in its R&D laboratories and in the wild.

Many vendors claimed to have fixed the product vulnerabilities disclosed in CERT-FIs initial advisories on the 23 AETs discovered last fall. However, real-life testing in Stonesofts research lab confirms that AETs are still able to penetrate many of these systems without detection. In other cases, simple microscopic changes to an AET such as changing byte size and segmentation offset allow them to bypass the products detection capabilities. This demonstrates that most vendors are only providing temporary and inflexible fixes to the growing AET concern, rather than researching and solving the fundamental architecture issues that give way to these vulnerabilities.

It seems that those who claim to have 100 percent protection against advanced evasion techniques do not really understand the magnitude of the problem nor have they done enough research around the issue. The discoveries made so far are only the tip of the iceberg, says Joona Airamo, chief information security officer at Stonesoft.

Traditional and advanced evasion techniques have become of increasing concern to the network security community. In its Network IPS Group Test Q4 2010, independent testing lab NSS Labs described IP fragmentation and TCP segmentation evasions as a grave threat stating if an attacker can avoid detection by fragmenting packets or segmenting TCP streams, an Intrusion Prevention System will be completely blind to ALL attacks.

“Missing an evasion means a hacker can use an entire class of exploits to circumvent a security product, rendering it virtually useless, said Rick Moy, president, NSS Labs. Combining certain evasions further increases the likelihood of success for attackers, and elevates the risk to enterprises.

While there is no single solution to eliminating the threat of AETs, organisations can mitigate the risks and lessen their vulnerability. One such way is making sure the security devices they use do a proper multilayer normalisation process, working on all relevant protocol layers for each connection. Centralised management is also critical as it enables constant updates and upgrades to be made deep within a networks security architecture. Unfortunately, fingerprinting and signature-based matching typical security responses for the actual exploits do not work with the dynamic, combinatory and constantly evolving nature of AETs.

Bob Walder, research director at Gartner, Inc., who discussed AETs at length in his November 2010 report entitled Advanced Evasion Techniques (AET): Weapon of Mass Destruction or Absolute Dud comments: “Evasion techniques are not new, yet still present a credible threat against the network security infrastructure that protects governments, commerce and information-sharing worldwide. Recent research has, thankfully, forced this issue once again into the spotlight, and network security vendors need to devote the research and resources to finding a solution.”

Previous Post

Winners of European IT Excellence Awards announced

Next Post

Ericsson and Akamai Establish Exclusive Strategic Alliance to Create Mobile Cloud Acceleration Solutions

Next Post

Ericsson and Akamai Establish Exclusive Strategic Alliance to Create Mobile Cloud Acceleration Solutions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Navigation

  • Authors
  • Author Login
  • Author Application
  • Advertisement
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Sitemap
Social icon element need JNews Essential plugin to be activated.

© 2018 Globaltelconews.com

No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy

© 2018 Globaltelconews.com

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In